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Setting Up A 
Private Cloud 

How To Bring Your Cloud Computing 
Strategy In-House 




PRIVATE 
TY 




by Elizabeth Millard 

As A WAY TO exercise greater control over 
security and application availability, some 
enterprises are moving toward building pri- 
vate clouds. With the right approach and 
expertise in place, this type of setup can 
offer the best of both worlds: the cost- 
effectiveness of cloud computing and the 
assurance that comes with the ability to 
manage data and applications more closely. 
Here are some insights into determining if a 
private cloud is right for your enterprise 
and what's involved in setting one up. 

Making The Choice 

The benefits of cloud computing promise 
to be so compelling that it makes sense for 
enterprises to consider a private cloud 
approach, according to Peter ffoulkes, vice 
president of marketing at Adaptive Com- 
puting (www.adaptivecomputing.com). He 
notes that private clouds don't have to be a 
wholesale redesign of an entire infrastruc- 
ture, but can instead start as small as a sin- 
gle project, perhaps a development and test 
cloud for new IT services. 

"If public cloud is being considered as a 
future option, a small private cloud can be a 
safe way to develop the necessary skills 
and understand the cultural aspects of cloud 
computing as they relate to your own spe- 
cific organization before boldly going out- 
side the firewall," he says. (For a closer 
look at public vs. private clouds, turn to 
"The Public vs. Private Cloud Debate" on 
page 8.) 



An enterprise can also consider a private 
cloud as a way to get more dynamic IT ser- 
vice delivery, notes Dana Spector, senior 
services architect at Dimension Data 
(www.dimensiondata.com). 

"The IT manager should assess both the 
level of control they need and the proprietary 
nature of their data/services to determine 
whether a private cloud is the best approach," 
Spector notes. Jeremy Duckett, Dimension's 
vice president of strategic services, adds that 



Key Points 



• An enterprise should determine whether to 
set up a private cloud based on such fac- 
tors as business need, service access, 
ownership costs, and risk management. 

• Like any major IT project, private cloud 
setup requires working with key man- 
agement personnel, setting up testing, 
ensuring hardware compatibility, and 
training users. 

• The new system should have intelligent 
governance to deal with issues related to 
resources, systems, and changing busi- 
ness conditions. 



key considerations in building the business 
case for private cloud adoption include 
whether the cloud offers the ability to opti- 
mize the cost of implementation and ongoing 
management while managing risks, whether 
physical asset ownership costs can be met 
Go to Page 6 



Success 

With 

Services 

Fujitsu Helps Organizations 
Boost Their Security 
& Streamline Operations 

by Tessa Warner Breneman 

Fujitsu is approaching its 75th birthday, 
and there's a lot to celebrate as a leader in 
the IT services market. Gartner recently 
reported that Fujitsu has the third largest 
share of the worldwide IT services market, 
and Barry Carter, executive vice president of 
Infrastructure Services at Fujitsu America, 
says Fujitsu plans to continue adapting and 
changing to meet the needs of its customers. 

Fujfrsu 

"We want to industrialize the IT process 
and provide for repeatability and scalabili- 
ty," Carter says. "We also want to work with 
the customer, and we want to solve their 
problem. We don't want to put a square peg 
in a round hole. [But] if they really want a 
square peg and it's important to them, we're 
going to listen to them and we're going to 
tailor our service and solution to help them 
meet their business needs." 

Fujitsu's Lean Services 

Fujitsu uses what it calls a "Lean 
Practices" approach to help customers 
streamline their operations. The approach is 
designed to help customers find ways to 
reduce waste and create value while gaining 
a deep understanding of customer needs. 
Fujitsu will also help customers develop 
paths toward continuous improvement. 

"I think clearly the challenges today are 
trying to do more with less," Carter says. 
"We believe from a services perspective that 
we have greater scale, and we have some 
great capabilities with our Lean Practices, 
where we've taken the lean manufacturing 
approach, built that into our methodology, 
and we can partner with customers in the 
delivery of services to eliminate waste." 

Fujitsu also recognizes that IT departments 
face a variety of challenges associated with 
adhering to regulations such as Sarbanes- 
Oxley and HIPAA. Through its managed 
security services, Fujitsu delivers solutions 
for customers needing to meet those report- 
ing and security regulations and offers a 
managed data center service that meets PCI 
(Payment Card Industry) requirements. B 

Contact: (800) 831-3183 I www.fujitsu.com 



The Processor.com home page is frequently updated with 
new articles and hardware news to help you keep current. 
Visit www.processor.com today. 
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News 




I Cisco To Buy ExtendMedia 

Cisco Systems is expanding its 
push into multiscreen IP 
video with a new acqui- 
sition. The compa- 
ny, which until W 
recently has 
been known 
primarily for 
switches, routers, 
broadband modems, 
and other backbone net- 
working hardware, has 
announced its intention to buy 
Boston-based ExtendVideo. ExtendVideo can 
provide its CMS lifecycle management soft- 
ware for the content crucial to Cisco's IP 
video services, as well as an experienced 
development team, Cisco says. Terms of the 
deal were not disclosed as of press time; 
however, the companies are expected to con- 
summate the acquisition in the first half of 
Cisco's fiscal year. 

I Intel To Acquire 
Infineon's Wireless Unit 

Chip giant Intel continues to buy big names 
in IT. In addition to its recent acquisition of 
McAfee, Intel announced its intentions to pur- 
chase Infineon's WLS (Wireless Solutions) 
business for about $1 .4 billion in cash. After the 
deal, which Intel expects to finalize in Q1 201 1 , 
the company plans to run WLS as a standalone 
entity and continue support for its customers. 
The acquisition of the wireless networking chip- 
maker will strengthen Intel's portfolio of offer- 
ings with wireless options ranging from 3G and 
LTE to 4G and WiMAX. WLS chips, already 
used in mobile devices such as the iPad, will 
make their way into Intel-based notebooks, net- 
books, tablets, smartphones, and embedded 
PCs, Intel says. 



I Cogent Acquired By 3M 
In $943 Million Deal 

3M announced plans to acquire Cogent 
Systems, a Florida-based pro- 
ducer of biometrics systems, 
in an effort to become a 
bigger player in the secu- 
rity and identification prod- 
ucts market. The purchase 
price for Cogent, whose clients 
include the U.S. Department of 
Homeland Security, New York State, 
and the Belgian federal police depart- 
ment, is $943 million, or $1 0.50 per share — 
18% more than its closing price of $8.91 at the 
time of the announcement. The agreement will 
be finalized during Q4 2010. CEO and founder 
of Cogent, Ming Hsieh, will stay with the firm 
after the change, which he says will "accelerate 
our growth and extend our reach in global bor- 
der control markets, law enforcement, 
and commercial applications." 



I Motorola Buys 280 North 

Motorola has purchased 280 North, 
a developer of mobile applications 
that Motorola says will help 
enhance its Android-based 
devices, including smart- 
phones and a potential media 
tablet. Motorola recently re- 
leased a handful of Android-based devic- 
es, including the Droid X and the Droid 2. 
Although details of the purchase have yet to 
be released. Motorola has confirmed that the 
deal is finalized. 280 North develops applica- 
tions such as 280 Slides, an application that 
lets users create slideshow presentations 
through their browsers, and is known for its 
easy-to-use open-source Cappuccino frame- 
work, which provides users with tools for 
developing rich Web applications. 



Lit 10101010! 
J011010]01:. 
)) I0101010I1UU 

110101010' " 



WATCH THE 

This information provides a quick glimpse of current and historical stock 
j^^^^^ J^j^ prices and trends for 1 3 major companies in the technology market. 



Company 


Symbol 


Year Ago 


Aug. 19$ 


Sept. 1 S 


% change from 
previous issue 


AMD 


AMD 


$4.28 


$6.42 


$5.76 


T 10.28% 


CA Technologies 


CA 


$20.20 


$18.39 


$18.57 


▲ 0.98% 


Cisco Systems 


CSCO 


$21.55 


$22.22 


$20.26 


T 8.82% 


Dell 


DELL 


$15.35 


$12.04 


$12.12 


▲ 0.66% 


Google 


GOOG 


$453.01 


$467.97 


$460.33 


T 1 .63% 


HP 


HPQ 


$44.25 


$40.76 


$39.21 


T 3.8% 


IBM 


IBM 


$116.09 


$128.50 


$125.77 


T 2.12% 


Intel 


INTO 


$19.47 


$18.90 


$18.14 


T 4.02% 


McAfee 


MFE 


$39.06 


$47.01 


$47.16 


▲ 0.32% 


Microsoft 


MSFT 


$23.86 


$24.44 


$23.90 


T 2.21% 


Oracle 


ORCL 


$21.77 


$23 


$22.62 


T 1 .65% 


Red Hat Software 


RHT 


$22.76 


$31.41 


$35.65 


▲ 13.5% 


Symantec 


SYMG 


$15 


$13.37 


$14.08 


▲ 5.31% 



I Citrix To Purchase VMLogix 

Citrix Systems announced it will acquire 
VMLogix, a virtualization management 
provider. The purchase, which is expected to 
be finalized in Q3 2010, will provide additional 
lifecycle management capabilities to the Citrix 
OpenCloud platform. Additionally, Citrix's Xen- 
Server virtualization platform will be able to 
support a self-service interface, which lets 
users control their virtual computing assets in 
private cloud environments from inside their 
organizations. According to Citrix, networking 
and interoperability features will also be added 
to the OpenCloud platform to help users man- 
age both private and public environments from 
the same console. 

I Malware Attack On Military 
Computers Worst Ever 

A For U.S. Armed Forces 
The Pentagon has confirmed a 
2008 incident wherein a lap- 
top used by the U.S. military 
in the Middle East was infect- 
ed with malware from a 
flash dnve. The malware, 
which is presumed to 
have been placed by a 
foreign agent, oper- 
ated silently and 
allowed data trans- 
fer from infected machines to foreign comput- 
ers. The attack is, according to the Pentagon, 
the worst military computer breach to date. 
According to U.S. Deputy Secretary of De- 
fense William J. Lynn III, this event marked a 
turning point in the United States' cyberde- 
fense strategy. 

I Wireless Competition 
Becoming Concentrated 

According to a report from the Government 
Accountability Office, wireless service over 
the past decade has been growing more con- 
solidated and is now controlled by just a few 
major players, to the exclusivity of small and 
regional carriers. Those smaller carriers are 
less able to acquire subscribers, invest in net- 
work infrastructure, and 
carry certain phones 
than their larger com- 
petitors. However, in 
that same time period, 
wireless customers 
have enjoyed greater 
_ coverage and significantly 
lower prices. Some believe 
that FCC policies for allo- 
cating wireless spec- 
trum unfairly benefit 
■to^ ■ larger carriers and hurt 
J/^-\ competition in the wire- 
less industry. 



NOTE: This information is meant for reference only and should not be used as a basis for buylseli decisions. 
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I Brocade Suing A10 Networks 

Brocade Communications is suing A10 
Networl<s for alleged patent infringement, 
breach of contract, and unfair competition. 
Brocade claims that A10, which is made up 
mainly of former Brocade and Foundry 
Networks employees, used proprietary knowl- 
edge to create competitive products in less 
than half the time it takes new companies to 
output software. Brocade is hoping to stop 
A10 from selling products that violate its 
patents or use its trade secrets, reclaim the 
stolen intellectual property, and 
earn an unspecified 
amount of compensa- 
tion for the offense. 

I Gartner 
Readjusts 2010 
Global PC 
Projections 

Given the uncertain 
economic outlook for 
the United States and 
Western Europe, Gartner recently downgrad- 
ed its second-half 2010 forecast for PC 
growth by about 2% to 15.3% overall growth. 
The research firm is calling for global PC 
shipments to total 367.8 million units for this 
year, a 19.2% rise from 2009's 308.3 million. 
Gartner says that although businesses 
delayed PC purchases in 2009, they'll find it 
difficult to delay PC replacements further 
because the age of the current installed PC 
base is already at an all-time high. Further, 
Gartner says, businesses that delay replace- 
ments much longer will risk alienating 
employees and saddling themselves with 
higher migration costs in the future as well as 
more service requests and support costs. 

I National Institutes Of Health To Spend 
$40 Billion For Health IT Services 

A pre-solicitation notice posted on FedBizOpps 
indicates that the NIH (National 
Institutes of Health) is interested in 
contractors for the CI0-SP3 (Chief 
Information Officer - Solutions and 
Partners 3) contract that 
provides IT sen/ices for 
the federal government. 
The CI0-SP3 is a 
Government-Wide 
Acquisition Contract 
that's split into two $20 billion open 
competitions: One is awarded via 
open competition, and the other is a 
small-business award. The solicita- 
tions are for health and biomedical-related IT 
services, which include medical imaging, video- 
conferencing, and remote sensing. Solicitations 
are available as of Sept. 1 . 

I New Attack Vector Found In Windows 

Microsoft issued a security advisory about a 
possible vulnerability through DLL preloading. 
In the past, preloading DLLs was considered to 
be a low-level threat, but a recent research 
paper from the University of California at Davis 
indicates that remote attack vectors could use 
the Windows flaw. The vulnerability occurs 
when an application loads a DLL without speci- 
fying a full qualified path name, which causes 
Windows to attempt to locate the DLL. A hack- 
er sets the DLL to open an attacker-controlled 
directory that runs malicious code. 

I CIO Council Proposes Cloud 
Computing Privacy Framework 

The U.S. government is not immune to secu- 
rity concerns about working in the cloud. In 
fact, the feds may be especially vulnerable, 
says a report from the Chief Information 
Officers Council. Because federal regulations 
control how the government acquires and 
processes personally identifiable informa- 
tion, the government may violate its own 




regulations when using the cloud to collect 
that info. "Once an agency chooses a cloud 
computing provider to collect and store infor- 
mation, the individual is no longer providing 
information solely to the government, but 
also to a third party who is not necessarily 
bound by the same laws and regulations," 
says the report, issued by the CIO Council's 
Privacy Committee. 

I Email The Primary Cause 
Of Data Loss 

A new study has found that email remains the 
primary source of data loss in enterprise envi- 
ronments. The study, conducted by Osterman 
Research, reports that 35% of large enter- 
prises have investigated a leak of sensitive 
information via email. In many cases, 
companies responded to such leaks with 
disciplinary actions, with 11% of those 
actions resulting in termination of the 
employee. While leaks via email remain 
the major culprit in such data breaches, the 
amount of data loss associated with social 
networking continues to grow as more em- 
ployees utilize such tools as blogs, mes- 
sage boards. Twitter, Facebook, YouTube, 
and Vimeo. 

I HP Acquires Database Company 

HP has purchased Stratavia, a Denver-based 
company that specializes in database and 
application automation. HP says the buy will 
provide its clients with a comprehensive prod- 
uct bridging the gap between application devel- 
opment and application deployment. Stratavia's 
products will improve HP's Business Service 
Automation lineup as well as its Cloud Service 
Automation solution, the company says. HP 
Executive Vice President Bill Veghte says 
today's organizations have increasingly com- 
plex IT environments and are looking for ways 
to automate changes with consistency and 
control. The HP/Stratavia combination will 
provide enterprises with a "one-stop shop for 
infrastructure and application deployment 
management," he says. 

I Garmin Recalls GPS Units 

Garmin has issued a volun- 
tary recall of 1 .25 million 
Nuvi personal navigation 
devices, about 800,000 of 
which were sold in the 
United States. The GPS 
units have a specific PCB design and bat- 
teries from a third-party supplier; these 
devices have reportedly been linked to 
several cases of overheating leading to a 
fire hazard, although no injuries or significant 
property damage have occurred. IVIodels cov- 
ered in the recall include the 200W, 250W, 
260W, 7xx, and 7xxT (where xx is a two-digit 
number). Owners of Nuvi devices can visit 
www.garmin.com/nuvibatterypcbrecall to 
find out if their specific device is affected by 
the recall. 

I Microsoft To Build 
Data Center 

Microsoft announced it 
will build another large 
data center, despite a 
recent decision to scale 
back plans for an earlier 
facility in Iowa. The new 
center, to be located in 
Virginia, will employ about 50 
people and cost $499 million to build. Virginia 
Governor Bob McDonnell says that Virginia 
beat out North Carolina and Texas for the deal. 
The facility will be a Generation 4 data center, 
meaning it will be built with a modular setup 
consisting of containers filled with servers, 
which allows for energy efficiency, cost sav- 
ings, and quick deployment. McDonnell labeled 
the data center the largest economic invest- 
ment in Southern Virginia history. 



I Lockheed Martin 
Awarded HHS Contracts 

Lockheed Martin won two HHS contracts worth 
a combined total of about $9 million. One con- 
tract states that Lockheed Martin will help cre- 
ate digital healthcare software for the NHIN 
(Nationwide Health Information Network), while 
the second involves developing demonstrations 
and pilots of real-world implementation of the 
software and potential for future technology 
capabilities. The NHIN hopes this agreement 
will lead to the safest available form of transfer- 
ring medical information across the Internet. 
Lockheed Martin believes the ability to test out 
new technology and features in a real-world 
environment will lead to more discoveries and 
faster implementation. 

I HP Settles With Government 
For $55 Million 

The U.S. Department of Justice announced 
that HP will pay $55 million to the U.S. gov- 
ernment to settle charges that the computer 
maker gave kickbacks to third-party ven- 
dors that recommended HP products to 
federal agencies. The lawsuit included Sun 
Microsystems, Accenture, and dozens of other 
IT companies that allegedly gave or received 
kickbacks. The settlement also ends a Jus- 
tice Department investigation of whether HP 
defrauded the General Services Administration 
in a 2002 contract. The government claimed 
that the contract neglected to provide GSA offi- 
cers with information on HP's private sector 
prices so that the government could negotiate 
a fair price. 

I Visa Creates Security Best Practices 

Visa released a set of security best practices 
for those that take care of payment-related 
processes on behalf of merchants, such as 
systems integrators and managers. The guide- 
lines were created to address weaknesses 
within the applications used in credit and debit 
card transactions, which can be caused by 
configuration errors. Visa collaborated with the 
SANS Institute to create the 10 different guide- 
lines that build upon the PA-DSS (Payment 
Application Data Security Standard) regulations 
already in place. Visa's recommendations 
focus on implementation and management 
rather than the development of the security 
applications themselves, which is the focus of 
the PA-DSS rules. 

1 25% Of Malicious Worms 
Spread Via USB 

The experts at security firm PandaLabs have 
released a report that shows that one in four of 
all new worms in 2010 used portable storage 
devices, such as USB drives, to spread. This 
kind of malware is designed to install on the 
user's system automatically when the device is 
connected, making the infection sometimes dif- 
ficult to trace. Devices that have been known to 
transmit this kind of malware 




include 
smartphones, cameras, and 
MPS players, to name a few. The high-profile 
Stuxnet worm was a USB-transmitted virus that 
wrought havoc for major manufacturing and 
utility companies. The Conficker worm was 
another virus that exploited the USB security 
hole. Free software to block USB-borne attacks 
is available for download from companies such 
as Panda for users concerned about the vul- 
nerability of their PCs. 
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Are you looking to learn more about data center 
or IT topics? Network with some of your peers? 

Consider joining a group of data center 
professionals. If you have an event you'd like 
listed, please send an email to 
feedback@processor.com. 



- SEPTEMBER - 

BICSI Fall Conference 
Sept. 12-16 
MGM Grand Hotel & Convention Center 
Las Vegas, Nev. 
www.bicsi.org/fall 

Hosting Transformation Summit 
Sept. 13-15 

Caesars Palace 

Las Vegas, Nev. 
www.hsvsummit.com/na/201 

AITP Garden State 
Sept. 14 
Jim Johnston's Steakhouse 
58 Eisenhower Parkway Mountain Plaza 
Roseland, N.J. 
tech.groups.yahoo.com/group 
/aitpgardenstatechapter 



AITP Richmond 
Sept. 14 
2015 Staples Mill Road 
Richmond, Va. 
www.aitprich.org 



ISSA New England 

Sept. 14 
Weymouth, Mass. 
www.issa-ne.org 



PASS Wisconsin SQL Server User's Group 
Sept. 14, 4:30 
Microsoft Office 
2176 Woodcrest Drive 

Green Bay, Wis. 
wisconsin.sqlpass.org 



AFCOM Central Ohio 
Sept. 15 
Columbus, Ohio 
www.afcomcentralohio.org 



AITP Northeastern Wisconsin Chapter 
Sept. 15, 4:15 p.m. 
Holiday Inn Select 
150 S. Nicolet Road 
Appleton, Wis. 
new.aitp.org 

ISSA International Conference 
Sept 15-17 
Georgia International Conference Center 
2000 Convention Center Concourse 
College Park, Ga. 
www.issa.org/conf/?p=105 



AITP Atlanta 
Sept. 16, 5:30 p.m. 
Crowne Plaza Atlanta Perimeter NW 
6345 Powers Ferry Road NW 
Atlanta, Ga. 
www.aitpatlanta.org 



AITP Greater Boston 
Sept. 16 
Phillip's Old Colony House 
Dorchester, Mass. 
www.bostonaitp.org 



AITP Omaha 

Sept. 1 6 
Omaha, Neb. 
www.aitpomaha.com 



Community SANS Atlanta-Security 560: 
SANS Network Penetration Testing 
& Ethical Hacking 
Sept. 17-22 
Hilton Atlanta Airport Hotel 
1031 Virginia Ave. 
Atlanta, Ga. 
www.sans.org/atlanta-201 
-cs2/description.php?tid=31 42 



ISSA Upstate South Carolina 
Sept. 17 
NuVox 
1001 Keys Drive #100 

Greensville, S.C. 
www.upstate-issa.org 



itSMF Fusion 2010 
Sept. 19-22 
Kentucky International Convention Center 
Louisville, Ky. 
www.itsmfusion.com 



For more Upcoming IT Events, see page 8. 
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The Processor Product Releases section 
includes brief overviews of data center products. 

All products listed have been released recently, so use this section to get 
up-to-date with what's new on the market and to find products you need. 



Manufacturers: 

Do you have a new product that data center/IT 
managers would be interested in learning about? 

Send your press release or product information 
to press@processor.com. 



Networking & VPN 



■ Akorri BalancePoint 

Littleton, Mass., -based Akorri released 
the latest version of BalancePoint, the 
company's data center offering aimed at 
predicting network outages and bottle- 
necks. The release adds analytics fea- 
tures, disk utilization reporting, and 
support for Microsoft Hyper-V. Bal- 
ancePoint Predictor — new in this re- 
lease — detects physical or virtualized 
workload "bullies" and alerts administra- 
tors to help prevent downtime. The disk 
utilization module provides an early 
warning when loads increase to danger- 
ous levels. The product supports and 
reports on virtualized environments, 
including Hyper-V and VMware, in an 
effort to deliver optimized predictive per- 
formance and capacity management. 

■ Citrix Systems Xen Desktop 

Citrix Systems announced a version of 
its XenDesktop product that includes 
Citrix XenClient and Citrix XenVault. The 
two are designed to make it easier for IT 
personnel to incorporate mobile laptop 
users into a unified enterprise desktop vir- 
tualization strategy. Features include 
Virtual Desktops "To Go," centralized 
backup and recovery, and support for 
XenApp and App-V. 

■ Edgewater Networks EdgeMarc 4550 
Series Network Services Gateways 

Edgewater Networks introduced the 
EdgeMarc 4550 Series Network Services 
Gateways, which are built to utilize a 
range of different WAN link types and 
handle up to 90 concurrent VoIP calls, 
SIP trunking, hosted PBX, and other man- 
aged services. 

■ Embotics V-Commander 3.6 

Embotics released the virtualization 
management system V-Commander 3.6, 
which lets organizations have complete 
control over virtual environments without 
needing to sink the time, money, and 
resources typically associated with 
deploying such enterprise systems. In 
addition to management and automation 
that lessens complexity, the system pro- 
vides analysis, decision support, and man- 
agement 15 minutes after installation. The 
system scales to 15,000-plus VMs. 

■ Flexera Software InstallShield 2011 

Flexera Software released the In- 
stallShield 2011 for MSI installers, 
InstallScript, and Microsoft App-Virtual 
packages. Flexera collaborated with 
Microsoft to offer the following features 
for InstallShield 2011: professional appli- 
cation installation authorship via Visual 
Studio 2010, support for the Microsoft 
Visual Studio Team Foundation Server, 
project schedul- 
ing, Unicode In- 
stallScript sup- 
port. Enhanced 
Script Editor, 
and pre- and 

post-event building. InstallShield 2011 can 
carry out installations on 32- and 64-bit 
platforms, create MSI installations (via 
64-bit repackaging), and deploy virtual 
apps. InstallShield 2011 also includes 
.NET Framework prerequisites to maxi- 
mize efficiency for installing required 
applications and components. 



FLE 



■ FrontRange Solutions Service Catalog 

FrontRange Solutions launched a Ser- 
vice Catalog solution designed to create 
service offerings, design fulfillment work- 
flow, and publish a portfolio of IT services 
to the business quickly and easily. 
Features include a multiuser interface; 
out-of-the-box templates; a graphical 
workflow engine; intuitive service design 
templates; and configurable self service, 
SLM, and cost capabilities. 

■ IBM BigFix Unified Management 
Software Platform 

IBM is now delivering the recently 
acquired BigFix Unified Management 
Software Platform, which can identify all 
operating PCs, laptops, servers, point-of- 
sale systems, and virtual devices in a com- 
pany' s inventory. A single dashboard 
allows administrators to deploy updates 
and fixes across as many as 500,000 
machines. Organizations can view and 
report on security policies and system con- 
figurations of all company devices. 

■ Lantronix AccessMyDevice.com 

Lantronix announced AccessMyDevice 
.com, an Internet-based service that enables 
business and technology professionals to 
view, manage, control, and service almost 
any device from a Web browser. The ser- 
vice will allow remote access to PCs, lap- 
tops and mobile devices, servers, and other 
electronics, even those not originally 
designed with networking capabilities. 
Features include secure, 24/7 browser- 
based access to virtually any machine; 
operating system-independent compatibility 
with Linux, Windows, Mac, and devices 
with KVM support; BIOS-level access; vir- 
tual media support for remote upgrades; 
and wake-on-LAN to remotely wake up a 
device that is turned off to save energy 
costs and system usage. 

■ Neptuny Caplan 3.3 

Neptuny released its Caplan 3.3 solu- 
tion. It features virtualization planning; 
benchmark management; data source inte- 
gration; and tagging, filtering, and search- 
ing enhancements. With Caplan 3.3, users 
can manage VMware ESX environments, 
create custom benchmarks in addition to 
standard ones, and connect to IBM Tivoli 
Monitoring and VMware vCenter. 



Storage 



■ Actuate Xenos Enterprise Server 
Version 2.0 

Actuate announced the Xenos Enter- 
prise Server Version 2.0, which is 
designed to address the High Volume 
Transactional Output business challenges 
of large enterprise environments. Version 
2.0 enables organizations with vast vol- 
umes of data and electronically archived 
documents in disparate formats to extract, 
transform, repurpose and personalize 
information. The result is optimal storage, 
real-time access, online presentment, PDF 
accessibility, printing, and delivery of 
information in numerous formats across 
multiple channels for data-driven busi- 
ness applications. The features are ideal 
for enterprises that want to optimize 



O xenos 

a division of ACTUATE, 



Intelligent 
Content 
for the 
Enterprise 



Enterprise Content Management invest- 
ments. To see a full list of new features in 
Xenos ES 2.0, visit www.xeno.com/ 
products/xenos-enterprise-server/features. 

■ Coraid EtherDrive SRX4200 

Coraid launched its latest high-density 
Ethernet SAN array, the EtherDrive 
SRX4200, which is ideally suited to the 
demands of high-performance cloud and 
enterprise data centers. Features include 
support for up to 36 SATA, SAS, or SSD 
drives into a four rack-unit chassis and a 
RESTful storage management interface. 
The SRX4200 starts at less than $600 
per terabyte. 

■ EMC Unisphere 

EMC announced that its CLARiiON 
and Celerra storage platforms have been 
updated with new capabilities and dubbed 
EMC Unisphere. Using EMC Unisphere 
management software, users can perform 
tuning for application workloads in less 
time, simplifying common task manage- 
ment, and improving storage consumption 
for less active data by up to 50%. 

■ Iomega USB 3.0 eGo Portable Hard Drives 

Iomega announced that its range of 
eGo USB portable hard drives will move 
to the SuperSpeed USB 3.0 standard. 
The USB 3.0 eGo drives will also come 
with hardware-based 256-bit AES en- 
cryption and Drop Guard Xtreme con- 
struction. The drives are compatible with 
USB 2.0 computers. 

■ SanDisk iSSD 

SanDisk released its integrated solid-state 
drive, or iSSD, which is smaller than a 
postage stamp, the company says. Made for 
tablet PCs, ultra-thin notebooks, and 
embedded systems, the iSSD uses the 
SATA interface via a solderable ball grid 
array. It's available in 4 to 64GB capacities. 

■ Super Micro Double-Sided Storage SC417 

Super Micro introduced the Double- 
Sided Storage SC417, which is a storage 
server that supports up to 72 SAS2 6Gbps 
HDDs, or up to 88 in JBOD, in a 4U chas- 
sis. Features include 1 ,400- watt redundant 
power supplies and support for UP and DP 
serverboards capable of running eight-core 
Xeon 5600 or 12-core Opteron processors 
for up to 288GB of memory. 

■ Viking Modular Solutions SATADIMM 

Viking Modular Solutions announced the 
SATADIMM, which is an enterprise-class 
SATA II SSD in an industry-standard 
DDR3 240-pin DIMM form factor. The 
SATADIMM is designed to let you increase 
the capacity and storage performance of an 
existing server, storage, or cloud computing 
environment. It also allows system design- 
ers new options and greater flexibility when 
creating new server designs. 



Security 



■ Addonics Cipher Drive SC 

Addonics released the Cipher Drive SC, 
an external portable hard drive that features 
256-bit AES hardware encryption with 
NIST and FIPS certification and a Smart 
Card reader and a security keypad. It's 
made for two-level authentication and 
designed to prevent the need for users to 
enter passwords into the host computer. The 
Cipher Drive SC comes with both USB 2.0 
and Fire Wire 800Mbps interface support. 



CIPHER DRIVE SC 




The company listed a $579 price for the 
500GB version in its product announce- 
ment. However, at press time, Addonics' 
Web site had the drive marked at $499.95. 

■ Email Encryption 

& Authentication Gateway 

The open-source email encryption firm 
Djigzo and Comodo, a certificate authori- 
ty and Internet security company, have 
created a comprehensive email encryption 
and authentication offering. The joint 
offering enables users to implement a 
fully automated certificate request proce- 
dure for the enterprise. 

■ Entrust Secure Email Certificates 

Entrust announced the addition of 
Secure Email Certificates to its certificate 
management service, a feature designed to 
offer a cost-effective way for users to 
secure important documents. Based on the 
X.509 certificate standard, features 
include digital signature capabilities and 
encryption of emails and other documents. 

■ Hypercom HyperSafe 
Secure EFTSec Server 2.0 

Hypercom released HyperSafe Secure 
EFTSec Server 2.0, a point-to-point pay- 
ment data-encryption system for proces- 
sors and ISOs that support U.S. -based Tier 
4 merchants that use Optimum T4200 
countertop and M4200 mobile payment 
terminals. EFTSec 2.0 specifically en- 
crypts cardholder data during the transac- 
tion process beginning at the payment 
terminal on through a trusted point where 
data is decrypted. 

■ STOPLock STOP Security Plate 

STOPLock protects laptops and other 
vulnerable IT equipment from theft and 
loss by providing a cable locking system 
that snaps into STOP'S specially designed 
STOP Security Plate. The security plate 
includes a bar-coded ID and 24/7 toll-free 
hotline number. If the plate is removed, a 
"stolen property" tattoo will remain 
imprinted on the product. 



Messaging & Telephony 



■ Counterpath Bria iPhone Edition 1.1 

Counterpath released the Bria iPhone 
Edition 1.1, a VoIP software package for 
3G and Wi-Fi networks. It's compatible 
with the iPad and iPod touch and offers 
multitasking capabilities that let users ref- 
erence other applications during a call. 
Features include full SIP compliance; 
G.711, G.729, and GSM codecs; DTMF 
support; call encryption; and optional cus- 
tomized branding. 

■ Multi-Tech Systems FaxFinder 2.1 

Multi-Tech Systems released FaxFinder 
2.1. The fax-to-email server includes 
updated features that let users send and 
receive faxes from a computer using 
Microsoft Word, Excel, or PowerPoint. 
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MultiTechA 

Systems 




Additionally, customers group their con- 
tacts to quickly create and distribute faxes, 
and both individual and global contact 
lists are available. Users can enjoy better 
control and visibility by fax administrators 
and archive outbound faxes in a network 
drive. FaxFinder supports third-party 
applications via the Web services API, and 
FaxFinder 2.1 is available with all models. 
Upgrades can be downloaded at the Multi- 
Tech Web site. 



Servers 



■ IBM P0WER7 Systems 

IBM launched its latest POWER? sys- 
tems, which are designed to suit the 
demanding workload and emerging appli- 
cations needs of medium-sized and large 
businesses. The data center-centric offer- 
ings consist of servers, software, and IBM's 
PowerVM virtualization capabilities, 
including the high-end IBM Power 795 




system with 256 cores and up to STB of 
memory; four entry-level POWER? proces- 
sor-based servers ideally suited to the needs 
of midsized organizations, including the 
IBM Power 710, 720, 730 and 740 Express; 
and a P0WER7 processor-based, work- 
load-optimized Smart Analytics System 
that lets users cull actionable information 
from huge volumes of data in real time. 



Other announcements include the release 
of IBM's latest Unix operating system, 
AIX 7. The systems are priced starting 
at $6,385. 

■ Win Enterprises PL-80160 

Win Enterprises announced its PL-80160 
2U rackmount network system. It supports 
Intel Xeon Core 17, 15, 13, and Pentium 
Dual Core processors and comes with a 
maximum 16GB dual-channel DDR3 
800/1066/1333MHZ system memory. The 
PL-80610 is also configurable to include up 



iutn 



enierpri* 



rises 



to 32 GbE LAN ports. It includes 3.5-inch 
SATA HDD and CompactFlash storage 
interfaces and an optional Cavium Nitrox 
PX cnl6xx security co-processor that can 
be used for multisecurity protocol com- 
mands. The PL-80610 can support up to 26 
fiber LAN ports and is RoHS, FCC, and 
CE compliant. 



Clients 



■ Appian BPM Suite 

Appian released the latest version 
of the Appian BPM Suite, which gives 
users the ability to create process appli- 
cations that integrate their enterprise 
data and scale to handle large process 
volumes and load. Upgraded features 
include data store integration, busi- 
ness designer empowerment, master 
data management, and data defini- 
tion portability. 

■ InFocus IN3914 

& IN3916 Interactive Projectors 

InFocus launched its IN3914 and IN3916 
interactive projectors. The projectors are 
equipped with InFocus LiteBoard technolo- 
gy, which lets users interact with projected 
images on any surface from anywhere in the 
room. Other features include an ergonomic 



wand that works like a mouse, 20-watt 
stereo sound, short throw projection, and 
connectivity with computers and video 
sources for collaboration. 

■ Kyocera Mita FS-C2026MFP, FS-C2126MFP 

Kyocera Mita released color multifunc- 
tional printers meant to combine low TCO 
with high image quality, the company says. 
The FS-C2026MFP ($3,549) and FS- 
C2126MFP ($3,999) are both 28ppm units 
with 200,000 page preventive maintenance 
schedules, long-life consumables, and 
Energy Star compliance. Both units can 
color print, copy, and scan. 




■ OKI Datapro510DW 

OKI Data has released the proSlODW, a 
digital Web press that costs less than 
$46,000 and can produce up to 85,000 
prints daily, as well as short-run color con- 
tinuous tags and labels. The press supports 
an optional rewinder for roll-to-roll printing 
for expanded usage in production applica- 
tions. Part of the company's proColorTM 
Series, which includes toner-based LED 
products, the pro510DW produces continu- 
ous Web printing at up to 30 feet per minute 
(or 5.1 -inch per second slew rate) and can 
handle a 2,500-foot roll of stock. Paper, 
labels, and various tag stocks are supported. 
Automatic print cut and reload between 
print jobs is included. 

■ Plustek SmartOffice PS286 Plus 

Plustek has released the SmartOffice 
PS286 Plus ($449) document scanner. 
The PS286 features a 50 image-per- 
minute duplex scan time, scan-to-FTP via 
DocAction, and A3-sized document scan- 
ning via internal image stitching. The 
scanner includes a 1,500 daily duty cycle 
and can scan business documents up to 



14 inches long, as well as rigid cards up 
to 1 .2mm thick. 

■ Smith Micro SendStuffNow For Android 

Smith Micro introduced SendStuffNow 
for Android devices, so you can securely 
send large files, track the delivery of mes- 
sages, and let others access files that have 
already been uploaded. The application lets 
users upload and share photos and videos 
captured on Android-based devices, as well. 
SendStuffNow runs on an Android 2.0 (or 
higher) operating system. 

■ Spoon Browser Sandbox 

Spoon announced the latest version of its 
free Browser Sandbox application. It allows 
the use of multiple Web browsers, including 
Windows Internet Explorer 9, Firefox 4, and 
Google Chrome 5 without needing to install 
them as well as the abilities to launch appU- 
cations within Chrome and Opera. 

■ Wyse Technology Embedded Standard 7 

Wyse Technology released a family of 
desktop and mobile thin clients based on the 
Microsoft Windows Embedded Standard 7 
operating system. Windows Embedded 
Standard 7 delivers the power, familiarity, 
and reliability of the popular Windows 7 
operating system customizable and compo- 
nentized form, including support for 
Microsoft SCCM-based management and 
RDP 7 technologies. Windows Embedded 
Standard 7 provides connectivity to virtual- 
ized public and private cloud environments. 
The products include the latest Microsoft 
virtual remote desktop protocol, Citrix 
Online Plug-in with HDX support, and 
VMware View 4.5 support. 



Services 



■ Novell WorkloadlQ 

Novell announced WorkloadlQ, a suite of 
tools designed to help customers deliver IT 
services to users across physical, virtual, 
and cloud environments by integrating iden- 
tity and security into IT workloads. 
WorkloadlQ features a modular design and 
supports the entire IWM "build, secure, 
manage, and measure" life cycle. 
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GREEN TECH & TIPS 



Key Green IT Initiatives: Recognize Drivers, Obstacles 



BY ROD SCHER 



Analysts from Info-Tech Research Group recently examined green IT initiatives, 
seeking to determine what contributed to tlieir success — or failure. Four factors helped 
initiatives succeed: a strong and well-communicated adoption rationale, an urgent need to 
comply with environmental laws, the presence of sufficient resources to back up the 
initiatives, and stakeholder support — especially at high levels. 



Key Initiatives 

Info-Tech identified nine key initiatives, 
dividing them into three groups: low- 
hanging fruit, which are quick, easy wins 
that result in direct cost savings; signifi- 
cant cost-cutting initiatives, which are 
those that result in direct cost savings but 
require a longer and more costly imple- 
mentation; and future savings initiatives, 
which are complex projects that can cut 
future operational costs. 

Four initiatives were characterized as 
low-hanging fruit: IT equipment recy- 
cling, printer consolidation and reduc- 
tion, end-user device power manage- 
ment, and telecommuting. Three others 
were determined to be more difficult to 
implement but resulted in significant 
cost-cutting for the enterprise: remote 
conferencing and collaboration, storage 
consolidation, and server virtualization 
and consolidation. Finally, two more ini- 
tiatives were designated as complex, 
long-term investments: server room build 
or renovation and IT energy measure- 
ment tools and techniques. 



Overcoming Obstacles 

The argument for green IT ini- 
tiatives is simple: As Info-Tech's 
report notes, "Not only do green IT 
projects yield environmental benefits, but 
most also have business benefits that orga- 
nizations of all sizes can realize." 

But a strong argument, in and of itself, 
does not guarantee success. The above- 
noted success factors must be present, 
and beyond that, other issues must be 
addressed. One is simply the lack of IT 
staffing and resources. 

Almost any green tech initiative requires 
IT resources. Take telecommuting: It's fair- 
ly simple to implement, and it results in 
immediate cost savings; in addition, it 
reduces an organization's environmental 
impact by reducing its fuel consumption. 
However, it requires the presence and avail- 
ability of knowledgeable IT staff to acquire 
and configure videoconferencing equip- 
ment, to set up collaboration tools, and to 
train staff in their use. Absent an appropri- 
ate level of staffing, what starts out as 
a seemingly straightforward initiative 




is doomed to 
instead become a 
high-profile failure. 

Show Me The Money 

Being able to point to concrete reduc- 
tions in energy costs can help ensure the 
success of green IT initiatives and pro- 
mote high-level buy-in. Info-Tech lead 
analyst Darin Stahl notes, "Internal IT 
resources are scarce, and they are allocat- 
ed typically based on cost/benefit to the 
enterprise. One way to put green IT on an 
equal footing within that decision frame- 
work is to measure energy costs." 

Take the replacement of hardware — 
almost any hardware. Chances are very 
good that a new piece of equipment is 



more energy-efficient than its 
predecessor. That increased 
efficiency can be measured 
and so can the decrease 
in costs that result from 
its installation. 
Consider a new server room 
AC unit. The new one is almost 
certainly more efficient than the 
one you're replacing: "A typical 
commercial AC unit that was provi- 
sioned in the server room 10 or 15 
years ago would have heat removal 
capacity of around 7W per square 
foot," Stahl says. "A new basic unit 
today would offer heat removal at 
around SOW per square foot. So what? 
Well, the IT group was going to refresh 
the AC anyway, but by highlighting the 
cost difference from the starting base- 
line, IT can begin to build funding 
momentum toward more green IT initia- 
tives. Show the savings that the organi- 
zation is simply stumbling upon, and IT 
will eventually be allowed to pursue 
more focused green initiatives." 

The idea, say analysts, is to measure 
baseline costs and then account for savings 
that can be attributed to green tech. That 
honest and helpful accounting will result in 
more freedom to pursue more green tech 
initiatives. Getting buy-in is easy when you 
can show them the money. 



Setting Up A Private Cloud 



Continued from Page 1 
while meeting regulatory and corporate 
compliance requirements, and how the 
services will be accessed (automated self- 
service or high- touch). 

Private clouds 
don't have to 
be a wholesale 
redesign of 
an entire 
infrastructure. 

I 

In general, the IT manager should align 
the sources for cloud computing with the 
enterprise's business characteristics and 
appetite for savings and risk mitigation, 
Duckett notes. 

Setting Up The Cloud 

Once an enterprise has determined that a 
private cloud is the best choice, the next 
step is to look at implementation. 

In the simplest definition of implemen- 
tation, some organizations just use virtual- 
ization as a proxy for a cloud environment 
and run their own infrastructures, says 
Rob luncker, vice president of technology 
operations at Shavlik Technologies 
(www.shavlik.com). "I have issues with 
this definition and consider a true 'private 
cloud experience' being one where the 



software being implemented is residing 
truly in the cloud," he says. "That defini- 
tion being the case, the setup of this envi- 
ronment really depends on the vendor you 
choose and how turnkey the implementa- 
tion is as far as the application goes." 

On one hand, there are vendors offering 
a click-and-run approach, which allows an 
SME to determine the systems it wants 
and be up and running with very little 
effort. In other cases, large data center 
vendors offer a truly private cloud experi- 
ence where the enterprise is providing host 
machines, setting up the infrastructure, 
and dealing with applications. 

"Similar to any IT project, foresight and 
experienced project management is a 
must," says Christopher Sousa, manager 
of managed services at Dataprise (www 
.dataprise.com). "Prior to beginning the 
project, the IT manager must work with 
key management personnel to establish 
timelines, milestones, sub-goals, test phas- 
es, implementation, and documentation. 
Effective communication is critical to the 
success of any major IT project." 

He adds that in designing the cloud 
infrastructure, IT managers must verify 
application compatibility, determine secu- 
rity protocols and encryption, design 
physical and logical infrastructure, and 
establish representative test groups to 
confirm viability for operations. Also cru- 
cial is verifying connectivity, ensuring 
local hardware compatibility, training 
users, and creating documentation. 

Going Forward 

According to Sousa, a private cloud 
infrastructure provides centralized net- 
work resources at a remote location. Users 



are able to securely connect to the network 
resources from anywhere via the Internet, 
and applications and data are processed 
remotely by the network resources and 
delivered locally to user workstations. 
"This reduces local processing require- 
ments, enabling less expensive local 
hardware and longer hardware refresh 
cycles," Sousa says. "The remote network 
resources are backed up and/or replicated 
to protect critical data, and all modifica- 
tion to network resources are managed at 
the remote site." 

Once the IT department has done all the 
heavy lifting of putting in an agile, auto- 
mated, and adaptive infrastructure, users 
will get access to dependable IT services 
through a self-service portal, ffouUces notes. 

How well it works depends on the quali- 
ty of implementation, he adds: "The 
underlying resources must have the char- 
acteristics required to make the services 



being offered run as advertised. Some 
applications don't run well on virtualized 
systems. Some applications require high- 
bandwidth, low-latency networks. Some 
require large memory." 

Also, the new system should have intel- 
ligent governance, says ffoulkes, who 
believes that there will always be con- 
tention for resources, systems will fail, and 
business conditions will change, so service 
reservations and even resource configura- 
tions will have to be adjusted accordingly, 
and IT managers should anticipate this 
type of governance structure. 

Despite the effort that it takes to imple- 
ment a private cloud, ffoulkes is convinced 
that it can have far-reaching benefits. 
"Cloud computing increases utilization lev- 
els of existing resources and reduces IT 
costs," he says. "How many IT organiza- 
tions cannot benefit in some way from such 
a wide range of possible advantages?" 01 



Common Misconceptions 



According to Christopher 
Sousa, manager of managed 
services at Dataprise (www 
.dataprise.com), there are 
some major misconceptions 
when it comes to private 
clouds. Here are a few of the 
more common ones: 

Private clouds reduce net- 
work speed and respon- 
siveness. Often, cloud-based 
infrastructures employ greater 
processing power than most 
onsite networks. 

Private clouds are less 
secure than local networks. 



Many organizations are con- 
cerned about transmitting 
proprietary data over the 
Internet to a private cloud. 
The truth is that private 
clouds can be provisioned 
with the same security proto- 
cols as local networks, and 
virtually all private clouds uti- 
lize some form of encryption 
for communications between 
local users and the cloud. 

Any application can be 
hosted in a private cloud. 

Many applications are not 
compatible with a cloud- 
based network or require an 



updated version to function in 
cloud environments. 

Private clouds are less 
customizable or scalable 
than local networks. Private 
clouds can be customized 
in many of the same configu- 
rations as local networks. 
Whether an enterprise utilizes 
clustering, remote backups, 
customized applications, or 
other elements, private 
clouds can support many 
configurations and can be 
scaled to meet the require- 
ments of the organization. 
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> Auto-Discovery of Sentry CDUs 

> Alarms 




PRIMARY ETHERNET PIPELINE 



WEB BASED CDU INTERFACE 




Save 
Time, 
Money 
and 
Energy! 

/7j AIRBLOCK 

/ /'^ DATA CENTER SYSTEMS 



Sentry: POPS Switclied CDU 

with Device Monitoring 

> Rack Level Power [Vlanagement 

> Outlet Power Monitoring (POPS) 

> Input Power Monitoring 

> Environmental Monitoring 

> Outlet Groups 

> Alarms 




Mountiings custom 
Designed for Your 
Data Center 

Use the AirBlock OCT mounting system for quick and easy installation 
and reconfiguration of data center curtains. Make changes, extend 
walls, add blanks - all in just a few minutes. 

• Continuous threaded channels provide unlimited attachnnent points 
and flexibility to configure systenri. 

• Works with fusible links. Curtainsfallaway in case of fire, allowing 
sprinklers full operational range. 

. Quickly installs toT-bar ceilings, hard decks, or suspended with 
threaded rod. Also can be used to attach curtains or rigid panels to 
racks or the floor. 

Call Sinnplex or visit our website. See our complete line of curtains, 
partitions, doors and accessories. 

PjlslMMVL^JK Call your dealer today: 1.800.854.7951 

' ISOLATION SYSTEMS Email: sales@simplex.net' sinnplexisolationsystems.com 



With Sentry Power Manager™ (SPM) m 
_and Sent ry POP^ (Per Outlet Power Sensing ) CDU's! 

Server Technolosy 



Solutions for the Data Center tf 1.300.835.1515 www.servertech.conn 

Equipment Cabinet tel 1.775.284.2000 salesgiservertech.com 
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For more Upcoming IT Events, see page 3. 



AITP Pittsburgh 
Sept. 20 
Slovak Catholic Sol<ol 
205 Madison St. Road 
Venetia, Pa. 
www.aitp-pgh.org 
AITP's Association Outstanding 
Chapter Award Winner 



VIVIware vSphere: 
Install, Configure, Manage Class 
Sept. 20-24 
Platform Labs 
1275 Kinnear Road 

Columbus, Ohio 
www.platformlab.org 



AITP Long Island 

Sept. 21 
www.aitp-li.org 



AITP Southwest Missouri 
Sept. 21 
Springfield, Mo. 
aitpspringfield.org 



ISSA St. Louis Chapter 
Sept. 21 
St. Louis, Mo. 
stl.issa.org 



Oklahoma City AITP Chapter 
Sept. 21 
Oklahoma City, Okla. 
www.aitp.org/organization/chapters 
/chapterhome.jsp?chapter=40 

AITP Lehigh Valley 
Sept. 22 
Fleetwood, Pa. 
www.lv-aitp.org 



ISSA Baltimore 
Sept. 22, 4:30 p.m. 
Sparta Inc. 
71 10 Samuel Morse Drive, 
Suite 200 
Columbia, Md. 
www.issa-balt.org 



AITP California Southland 

Sept. 22 
www.aitpcalsouthland.org 



AFCOM Central Texas 
Sept. 23 
Austin, Texas 
www.afcom.com/afcomnew 
/CentralTexas.HTML 



ISSA Des Moines 
Sept. 27 
3920 SW Camden Circle 

Ankeny, Iowa 
www.issa-desmoines.org 



AITP Akron 

Sept. 28 
Akron, Ohio 
www.akron-aitp.org 



ISSA Inland Empire 
Sept. 28, 11:30 a.m. 
Coco's Restaurant and Bakery 
60 West Foothill Blvd. 
Upland, Calif. 
ie.issa.org 



Tech Tomorrow: 
A CIO Leadership Exchange 
Sept. 29-Oct. 1 
Ohio Union at The Ohio State University 
Columbus, Ohio 
www.techtomorrow.org 

- OCTOBER - 

Data Center World 
Oct. 3-6 

Mirage Hotel and Convention Center 
Las Vegas, Nev. 
www.datacenterworld.com 



AITP Garden State 
Oct. 12 
Jim Johnston's Steakhouse 
58 Eisenhower Parkway Mountain Plaza 
Roseland, N.J. 
tech.groups.yahoo.com/group 
/aitpgardenstatechapter 



AITP Richmond 
Oct. 12 
2015 Staples Mill Road 
Richmond, Va. 
www.aitprich.org 



COVER FOCUS 



The Public vs. Private 



Cloud Debate 

Business & Application Requirements Fuel 
The Decision Between Public & Private Clouds 



by Christian Perry 

As CLOUD TECHNOLOGY moves forward at a 
blistering pace, enterprises now find them- 
selves flush with options that aren't neces- 
sarily a breeze to navigate. On one end of 
the cloud spectrum are public clouds offer- 
ing a huge range of affordable services, and 
on the other are private clouds that can be 
precisely tailored to an organization's envi- 
ronment. These options leave enterprises 
with some difficult choices that require 
equal parts introspection and forecasting. 



Key Points 



• Public clouds can offer secure, inexpen- 
sive environments that cover a wide range 
of services for enterprises that are flexible 
with their needs. 

• Enterprises that require heavy security, 
privacy, or customization often choose 
private clouds over public offerings. 

• Because business and application needs 
often vary within an organization, a hy- 
brid public/private strategy can be the 
best solution. 



"Public and private clouds are very similar 
in terms of construction and infrastructure," 
says Steve Gruetter, director of Platform Lab 
(www.platformlab.org). "The difference 
comes in how the virtual machines are 
deployed and managed. If clients are looking 
for a more hands-on solution for their pro- 
jects with enhanced security, functionality, 
and usability, they will select a private cloud 
solution. If a client is looking for easy access 
to generic infrastructure for file storage, 
email hosting, or other basic services, a pub- 
lic cloud is more than adequate and available 
at an outstanding value." 

Flipping Tlie Cloud Coin 

On a basic level, public and private 
clouds differ in the same way as other pub- 
lic and private services. Siki Giunta, vice 
president of cloud computing and software 
services at CSC (www.csc.com), explains 
that public cloud resources are shared 
among many people that have no affinity, 
whereas a private cloud provides infrastruc- 
ture resources as an on-demand service to a 
single organization from shared pools of 
computing and storage resources among the 
organization's employees. 

"Both types of clouds provide broad net- 
work access to a shared pool of resources 
that can be rapidly provisioned when need- 
ed and released when not in use," Giunta 
says. "Once established, end users need to 
be able to access this resource pool without 
IT intervention or service provider interac- 
tion. A private or public cloud delivers a 
metered/measured service, like electricity, 
with the ability to bill back based on usage." 

Differences between public and private 
clouds emerge when considering factors 
such as pricing, security, and customization. 
For example, Gruetter notes that public 
clouds offer excellent flexibility when it 



comes to price and terms of 
service because customers 
can purchase service by the 
hour at price points below 
a dollar. Further, 
popular public 
cloud providers 
can take a credit 
card up front and then 
deliver a variety of platforms with 
CPU, RAM, and storage allocated at any of 
several predetermined combinations. Public 
clouds, he adds, also have overcome some 
early security problems and now generally 
offer secure access to systems and data. 

"The private cloud vendors will work 
closely with the client base to provide a cus- 
tom-configured solution, as opposed to the 
predetermined selections on the public 
cloud programming interface," Gruetter 
says. "The private cloud will also offer price 
points and cUent terms that match what their 
clients are requesting for their core service 
to provide the best overall value." 

Although public options can serve as a 
safe entry into the world of cloud services, 
some enterprises might be better served 
using private clouds first. Scott Morrison, 
CTO and chief architect at Layer 7 
Technologies (www.layer7tech.com), says 
that private clouds are an effective stepping 
stone to public clouds because they let an 
organization carefully control who is using 
the cloud and because they provide the con- 
trolled environment necessary to enable cer- 
tain architectural and operational changes. 

On the other hand, he adds, private 
clouds can be expensive to set up and run. 
In fact, the decision between public and 
private clouds often rests on dollars and 
cents, Giunta says — if service-level agree- 
ments are in place on the public cloud and 
the product you need is available, the 
public cloud can help you improve your 
bottom line. But as architecture choices 
continue to expand for both public and 
private clouds, enterprises aren't neces- 
sarily forced to choose one or the other. 

The Hybrid Path ' 

Depending on their needs, some organiza- 
tions find that using both public and private 
clouds is an effective strategy. According to 
Jamie Duke, COO at SciQuest (www 
.sciquest.com), hybrid public/private clouds 
allow enterprises to maintain the freedom to 
access the viability of both platforms on a 
case-by-case basis that considers both the 
business function involved and the appUca- | 
tions required. 

"Take, for example, a global financial 
services company. Mail and collaboration 
is important but not strategic, so moving 
mail to a public cloud could improve 
availability while decreasing cost," Giunta 
says. "On the flip side, you may have a 
loan application that is strategic to your 
growth, and because of the sensitive 
nature of the application and data, you 
choose a private cloud. Every organization 
will have to find the right balance of pub- 
lic and private cloud services based on the 
requirements dictated by their business." | 




Because business requirements can vary 
widely not only between enterprises but also 
within an enterprise itself, both public and 
private clouds can easUy find their way into 
a single establishment. Morrison recom- 
mends using a public cloud when your data 
doesn't have significant privacy risks or 
compliance requirements associated with it. 
He also recommends using a public cloud 
when the appUcation can easily stand alone 
or integrate with internal IT through browser 
access and simple, loosely coupled commu- 
nications architectures that are tolerant of 
high latency. 

"Use public clouds when a large number 
of compute cycles is needed for a limited 
period of time or when your application 
has widely varying capacity require- 
ments — such as a Web store that will see 
continuously increasing and difficult-to- 
predict traffic approaching Christmas," 
Morrison says. "Use a private cloud as a 
stepping stone to public cloud computing. 
Use it to learn about building cloud apps 
in a controlled environment. Use private 
clouds when data cannot go outside of the 
organization's domains." ^ 

Public Or Private? 

The choice of a public or private cloud rides 
heavily on your business and other require- 
ments. Steve Gruetter, director of Platform Lab 
(www.platformlab.org), identifies situations that 
are better suited to one or the other platform. 

Public Cloud 

• Organizations that want to take advan- 
tage of a production cloud offering 

• Organizations that can take advantage 
of standard environments that are ac- 
cessed online 

• Organizations looking to utilize infrastruc- 
ture for a project or hosted solution that 
doesn't require excessive customization 

• Organizations with projects that require 
massive storage 

Private Cloud 

• Organizations that need to maintain total 
security and control 

• Organizations that need to ramp up a 
particular project that has specific needs, 
such as load tests 

• Organizations that want to run highly spe- 
cific applications 

• Organizations with a project that requires a 
client-specific environment (such as a mir- 
rored data center or an in-house test lab) 
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Unique Features 



{ All Circuit Breakers Monitored 

Most metered power solutions only monitor input power. BayTecli 
monitors all circuit breakers and reports via SNIVIP when thresh- 
olds are met. 

{ Optional Outlet Metering with Effioienoy 

IVIonitor individual outlets and receive current, watts, and volt- 
amps. Continuously monitoring equipment for efficiency with 
power factor. 

{ High Retention C13 Reoeptaole 

Reliable integrated locking clips assure power cord retention. 
Unique to the industry and does away with nuisance wire clips. 

{ Reliable ROB Rower Distribution 

ISO's (Insulation Displacement) connectors are faulty and unreliable! 
All BayTech power solutions use reliable PCB power distribution. 

{ Integrated Sensor Inputs 

Eliminate the need for extra environmental monitoring devices. All 
BayTech power solutions offer two ports for external temperature 
and humidity probes. 



Build Custom Power Solutions 
with Standard Modular Product 

BayTech's MRP Modular Rack Power system provides reliable power 
distribution with maximum flexibility for receptacle selectionand power input. 

BayTech offers three classes of the MRP system. Switched and monitored, 
simply monitored and individual receptacle monitoring. 

User friendly interface for controlling power to receptacles, monitoring 
Current, Voltage, Watts, Temperature, Humidity, and KW Hour Meter. 



Standard Features 

• High and Low Density Models 

• 120/208/AC Single Phase 

• 208/400VAC Three Phase 

• 20,30,50,60 Amp Support 

• On/Off Reboot Control 

• HTTPS,SSH, SSL Access 

• Radius, TACACS Authentication 

• Tool less Mounting 



Unique Features 

• Modular Design 

• All Circuit Breakers Monitored 

• KW Hour Meter 

• Current, Voltage and Watt Meters 

• Integrated Locking C13 Receptacle 
(Optional) 

• Reliable PCB Power Distribution 



Bay Technical Assoc. Inc. 5239 A Avenue Long Beach, MS 39560 Tel: 228-563-7334 Fax: 228-563-7335 sales@baytech.net 
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standard Model - Was $225... Now $195 
Rack Model - Was $275... Now $225 



Prepare For The Unexpected With TemPageR 

N 



_ jooncknowswhenorhowdisasterwill 
strike. We just know the potential is always there. 
So preparation is crucial to minimizing its impact 
on computers, networks, users & business. 

When a temperature related disaster occurs, 
tliere are significant costs in ai-eas tltat go far 
beyond the simple replacement of dainaged 
hardware. This is because what happens in the 
data center elTecLs the entire organi;?alion. If 
disaster strikes your facility, how will it impact 
business? Who will get the blame? Could it 
have been prevented? What will it cost? 




Standard $195 
Rack Mount $225 



TemPageR Includes: 

' Buill-in Dig] Temperature Sensor 

• External Digital Temperature Sensor 

• Monitor Range: -67' - 257° F (-S5° - 1 2,=i' C) 

• Accuracy Range: +/- 0. 1 2.i Percent 

• .^V Power Adapter, Facttiry Reset Butttin 

• Ciraphing, Logging & Alerting Software 



AVTECH's TemPageR is a powerfiil 
solution for real-time temperature monitoring 
in a computer room, data center or other 
facility. TemPageR arrives assembled with 
easy to install hardware, cables, sensors, 
casy-to-usc logging, graphing & alerting 
software, printed documentation, full 
technical support and a '30-Day Satisfaction 
Guarantee'. Users can complete installalion 
in utider 10 minutes. 

TemPageR monitors temperature in 
environments such as phone or wiring closets, 
critical rack cabinets, large computer rooms 
or data centers, multi-building facilities and 
more. Staff can be alerted by any incthod 
and take automatic corrective action. Start 
protecting your facility now... Don ) wuil until 
it 's too late! 

Call or Visit Us Online Today 

AAVTECH 

888.220.6700 • 401.628.1600 
AVTECH.com 



Protect Your IT Facility... Don't Wait Until It's Too Late!' 
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MovinCool CM25 



NEW PRODUCT 



by Tessa Warner Breneman 



An Affordable, Energy-Efficient, Ceiling- 
Mounted A/C Designed For Server Rooms 



By now you undoubtedly know that, 
with all your servers and other machines 
running nonstop, it's easy for your data 
center or server room to reach tempera- 
ture levels high enough to damage heat- 
sensitive equipment. Because damaged 
equipment is costly to fix and could 
result in data loss, you need a cost-effec- 
tive cooling solution to address tempera- 
ture issues in your data center. 

The MovinCool CM25 offers a total 
cooling capacity of 25,000BTU/h, making 
it the industry's first ceiling-mounted, self- 
contained air conditioner with that high of 
a cooling capacity, and its $6,995 price tag 
is lower than conventional solutions such 
as precision cooling systems. The CM25 
also provides a high sensible cooling 
capacity of 18,900BTU/h and is made 
specifically for server rooms and other 
environments with dense heat loads. The 
air conditioner boasts a SEER (Seasonal 
Energy Efficiency Ratio) rating of 14, due 
in part to energy-saving elements such as 
its variable-speed inverter compressor and 
inverter fan motors. The CM25 also boasts 
green features such as R-410A refrigerant 
and RoHS compliance. 

With a built-in mounting bracket, 
flanges, and vibration isolators, the CM25 



MOVINCOOL 

THE #1 SPOT COOLING SOLUTION 



is easy to install into any environment 
with all the standard tools you likely 
already have. Just 20 inches high, the 
CM25 is designed to fit above drop ceil- 
ings and in server rooms with limited floor 



MovinCool CM25 ' ^' 

A ceiling-mounted air conditioner that provides an ener- 
gy-efficient cooling solution for data centers, server 
rooms, and otfier environments witti tiigfi tieat loads. 
$6,995 

space. And because it is self-contained, 
the CM25 won't need refrigerant connec- 
tions, further reducing installation costs. 

The wall-mounted controller, which 
comes standard on all CM25s, provides 
advanced communications, monitoring, 
and self-diagnosis, so it's easy for IT 
personnel to manage. Plus, it works with 
your fire alarm controls and connects to 
the building control system for safe and 
simple management. 



) 264-9573 
www.movincool.com 
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A Fresh Start 

With Cloud Computing 



Use A Move To The Cloud As An Opportunity 
To Straighten Out Bad Habits 



by Rod Seller 

Is THERE REALLY such a thing as a perfect 
IT organization? In spite of intelligent, 
experienced, well-meaning managers and 
staff, they all suffer to some extent from 
bad habits, sloppy processes, or poorly 
defined initiatives that hamper efficient 
operation of the department. 

If you're currently planning a move to the 
cloud, there is good news and bad news for 
any poor IT habits your department may be 
harboring: The bad news is that moving to 
the cloud will not automatically fix — and 
may in fact exacerbate — your organiza- 
tion's sloppy IT practices. If your IT depart- 
ment is inefficient, moving to the cloud will 
simply move that inefficiency to a new 
envirormient — one over which you exercise 
even less control than you do currently. 

But here's the good news: Although it's 
true that opportunities entail risks, it's also 
true that risks provide opportunities. And 
moving to the cloud is an opportunity for 
you to purge some of those bad IT habits. 

Wherever You Go, Bad IT Habits Follow 

David Cearley, analyst and vice presi- 
dent at Gartner, recently pointed out that 
perhaps the most obvious offender is the 



Key Points 



Every problematic local IT habit — whether 
related to security, deployment, server 
management, or some other aspect of 
IT — has its counterpart in the cloud and 
can exist just as easily in the cloud as in 
your local data center. 
Bad IT habits do not improve simply 
because of a move to the cloud; they may 
in fact be worsened because of the lack of 
centralized control. 

Finding ways to mature your IT process- 
es will help resolve problems both locally 
and in the cloud. Some analysts recom- 
mend a maturation methodology based 
on Carnegie Mellon's Capability Maturity 
Model research. 



purchase of "shelfware" — over-subscribed 
or over-licensed applications for which the 
company has paid, but which sit unused. If 
your department has historically over-pur- 
chased seats for applications, there's no 
reason to expect that this will change once 
you move to the cloud. 

Let's say you opt for a cloud-based 
CRM solution. That service, effective and 
well-regarded though it is, costs you 
money. Do you really need to buy CRM 
seats for your help desk? Your develop- 
ers? Yes, discounts kick in the more seats 
you buy, but getting a good deal is still a 
waste of money if the product remains 
unused or underutilized. 

Shelfware is only one example of bad IT 
habits that may follow you to the cloud. 
Jim O' Gorman, a security consultant and 
IT analyst with Continuum Worldwide, 
points out that without action on your part. 




the same issues you currently battle local- 
ly will simply follow you to the cloud. 
These can include such things as poor 
tracking of data, inattentive user manage- 
ment, giving too many privileges, and a 
general lack of attention. 

Many bad IT habits involve security — or, 
more accurately, a lack of security. Even if 
strict protocols are in place, they're often 
ignored or compromised. Users share 
accounts or account passwords, users write 
passwords on sticky notes, passwords don't 
get changed regularly, or security features 
get turned off in response to user com- 
plaints. These things happen everywhere, 
and pretending that they don't happen in 
your organization is foolhardy; pretending 
that moving to the cloud will magically 
correct the problem is even more foolhardy. 

Another issue has to do with cloud-based 
tools themselves. There's nothing inherent- 
ly better about cloud-based applications, 
and expecting IT to improve because the 



organization is now using cloud-based soft- 
ware is bound to disappoint. As Info-Tech 
Research Group analyst John Sloan points 
out, "SaaS is not in and of itself a product; 
it is a delivery method for a product. 
Applications are where IT business align- 
ment happens, not hosting infrastructure. 
Inefficient software or software that does 
not meet business needs will not be made 
magically better if it is cloud-based. 
Similarly, poor application deployment and 
usage will not be magically remedied by 
being cloud-based." 

Solving The Problem: First Steps 

Most IT problems, cloud-based or local, 
result from immature processes, and those 
can be corrected by adopting a process 
maturity model such as the one proposed 
by Info-Tech and based on Carnegie 
Mellon's research into the Capability 
Maturity Model. In that model, processes 
range in maturity through five increasingly 



sophisticated levels: initial, repeatable, 
defined, managed, and optimized. 

Initial processes tend to be ad-hoc and 
undefined, and whether such processes 
succeed is largely dependent on individual 
efforts. A repeatable process is at least 
connected to tools that can track costs and 
scheduling. A defined process is standard- 
ized and integrated into the organization's 
methodology. A managed process is one 
that includes detailed measures of the 
process — in keeping with the oft-repeated 
adage that "one cannot manage what one 

cannot measure." Finally, an optimized 
process, says Info-Tech, is one 
that embodies a continuous pro- 
cess improvement. 

Info-Tech's report, "IT Process Maturity 
Is On the Level," details ways to mature 
your IT processes. That report makes sev- 
eral key recommendations: 

• Lead the charge. Change does not just 
happen; it must be led. The IT manager 
who decides to begin maturing the 
processes in the department must 
approach the change process head-on. 

• Define the maturity level. Use Info- 
Tech's Process Maturity Assessment 
tool to understand the maturity of the IT 
department's processes. 

• Evaluate resources. Assess the organiza- 
tion's financial resources and human cap- 
ital capabilities to discern whether an 
investment in process maturity is feasible. 

• Prioritize. Do so based on the resources 
available and the importance of these 
processes to the organization. 

• Standardize IT. Gather the leaders of 
each of the IT groups and have them 
compare similar processes in order to 
define a set of standards to be used uni- 
formly across the department. 

• Standardize IT/business processes. 
Suggest a collaboration meeting with 
business units affected by IT processes 
to define the standard processes by 
which all parties will abide. 

• Brainstorm metrics. 

• Benchmark IT. Establish a benchmark 
for each of the metrics that would define 
it as a success or a failure. 

• Evaluate metrics and standards 
periodically. 

In the end, the thing to keep in mind is 
that merely moving to another environ- 
ment will not solve IT (or other) problems, 
and it could even make them worse. 
Simply being aware of that may go a long 
way toward helping your organization 
purge itself of some of those habits before 
taking on a cloud-based initiative. Q 



Worldwide IT Cloud Services Spending* by Product/Service Type 

2008, 2012 
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Storage 
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& Deployment 
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$16.2 Billion 



According to IDC, cloud-based IT spending will continue to Increase over the 
next several years. But moving IT services to the cloud will not, in and of itself, 
solve problems related to poor local IT practices. (Graphic courtesy of IDC.) 
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$42.3 Billion 

* Includes IT enterprise spending on Business 
Applications, Systems Infrastructure Software, 
Application Development & Deployment Soft- 
ware, Servers and Storage 



Source: IDC, October 2008 
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s a U.S. designer and manufacturer of 
hnical Workspace Solutions. 



Command Centers 
Control Stations 
PACS - Mobile Carts 



Relay Racks 

Flat Panel Monitor Arms 
Motorized Work Stations 
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COST EFFECTIVE 

Buy at 1 0-20% below competing sites 

FAST SHIPPING 

Products ship within 24-hours 

EASY-TO-USE WEBSITE 

Transactions completed in 4-dicks 

INDUSTRIAL GRADE QUAUTY 

Highest quality PDUs on the market 
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Study Suggests 
New Measurement 
Of Investment Returns 

IT has a problem, and security isn't it. 
According to the Ponemon Institute, it's how 
to justify spending money on something that 
doesn't fit the ROI model that governs most 
major budget-related decisions. Ponemon's 
solution to the problem is called POP, or 
return on prevention. Michael Spinney, an 
analyst at Ponemon, defines POP as "mak- 
ing the case that every dollar spent on infor- 
mation security will yield a certain return in 
terms of not suffering a breach or attack." 
But to understand how POP can help, you 
need to understand the current security 
challenges IT is up against, straight from 
the source. 

A Better Metric 

The Ponemon Institute just released an 
independent study sponsored by Vodafone 
and F-Secure that attempts to quantify the 
value of various security strategies. The 
firm surveyed 488 United Kingdom-based 
security professionals in a variety of indus- 
tries, including financial services, technolo- 
gy, education, communications, energy, 
government, healthcare, and retail, on 
what they thought about the security 
responses that are commonly applied to 
close the security gaps at their respec- 
tive organizations. 

According to the experts on the front lines, 
the most effective solutions — those that 
deliver the highest ROP — need to be effec- 
tive, inexpensive, easy to deploy, and 
resource-light. Top performers include 
antivirus applications, anti-malware soft- 
ware, endpoint security solutions, Web 
applications firewalls, and policy enforce- 
ment tools. The respondents also ranked 
mobile device security above a more tradi- 
tional enterprise-wide information security 
platform. Governance and control activities, 
such as end-user training, staff certification, 
and the naming of a CISO (chief information 
security officer), were singled out as some 
of the most effective methods of achieving a 
high ROP. 




In the study, Ponemon highlights the fact 
that the most pressing security issue IT 
faces today, which is the loss, theft, or 
removal of sensitive information, is suffering 
from a dearth of funding in most organiza- 
tions. ROP's goal is to give IT security pro- 
fessionals a way to direct attention away 
from concrete but ineffective terms of ROI, 
cost savings, and revenues and instead 
make the focus of budget approvals about 
how much prevention each dollar can buy 
for the company. 

by Andrew Leibman 



COVER FOCUS 



Essential Tips For Cloud 
Computing Success 



Get The Most Out Of 
Your Investments 



by Chris A. 
MacKinnon 
■ ■ • 

The cloud is full 
of competition. 
Which cloud is 
the right cloud? 

Which cloud provider best suits your 
business and technical needs? How do 
you find the most economical cloud 
provider? Before settling on a cloud solu- 
tion, you need to know what you're get- 
ting into. But how can you get the most 
out of your cloud computing investments? 
Here are a few tips to help you navigate 
the cloudy skies. 

Seize The Day 

Nicole McGarry, senior manager of 
cloud automation product marketing with 
Quest Software (www.quest.com), says 
it's important to avoid "analysis paralysis" 
by getting started today. "It's very easy to 



Key Points 



• SMEs that are apprehensive about mov- 
ing to the cloud should not be afraid to 
test the waters; rather, they should start 
small with simpler projects to find out what 
works and what doesn't. 

• Research the services you're considering 
to determine if they're legitimate cloud 
offerings or if they're previous offerings 
rebranded as cloud services. 

• Find a provider that can scale its services as 
your needs grow, but be sure you know the 
provider's limits for scale and complexity. 



get caught when evaluating the abundant 
technologies, models, and hype associated 
with cloud," she says. "At some point, you 
just have to jump off the diving board and 
get in the water. Many organizations, both 
modest and enterprise-class, are starting 
with a smaller deployment to vet the tech- 
nology fit, understand critical process 
changes, and get early user buy-in." 

McGarry says that, once the cloud is 
deployed, many organizations begin 
actively determining what works and, 
more importantly, what doesn't. "Com- 
panies that delay this kickoff are missing a 
critical learning experience and will quick- 
ly fall behind their more aggressive 
peers," she says. 

According to Richard Davies, CEO of 
ElasticHosts (www.elastichosts.com), 
quick wins on the public cloud are neces- 
sary. Davies says businesses do not need 
to invest a great deal of time and money to 
jump onto the cloud bandwagon. "There 
are a number of quick and easy ways busi- 
nesses can begin to adapt to cloud infra- 
structure without breaking their bank 
account," he says. "For instance, scalable 
Web hosting, development and testing 
environments, backup, archiving, and dis- 
aster recovery are all great early uses for 
cloud servers and are easy to get started on 
right away." 




True & False 

Jeremy King, executive vice president of 
technology and products at LiveOps 
(www.liveops.com), says managers should 
know a "true cloud" from a "false 
cloud." King explains, "Beware of 'shrink- 
wrapped' traditional software wearing a 
'cloud' package. As customers increasing- 
ly recognize the tremendous value from the 
cloud computing model, many traditional 
software vendors are wrapping the word 
'cloud' around the same old traditional 
software and using it as a sales and market- 
ing ploy." 

King says the idea that cloud computing 
can be done internally within an enterprise 
represents what some have called the false 
cloud. He says this so-called cloud involves 
all of the cost and time delays associated 
with traditional software deployments. "It 
is not really agile, flexible, or cost-effec- 
tive," King notes. "In a nutshell, you're 
buying assets that require time, people, and 
cost, and you do not get the economies of 
scale that true cloud computing provides." 

According to Peter Coffee, director of 
platform research with Salesforce.com, a 
proactive approach is the best approach. He 
says if anyone says that the cloud can't do 
something, managers need to challenge that 
statement. "Capacity, security, governabili- 
ty, and other key attributes of enterprise IT 
are achievable in the cloud at a price that's 
small compared to the larger cost savings 
of multitenant services," Coffee says. 
"Take the time to lay out, and cost out, the 
diagram of a complete solution in a way 
that fully evaluates the options, and don't 
accept false alternatives of cloud. Rather, 
consider integration opportunities that 
allow the strengths of each environment to 
contribute to the whole." 

Scale As You Grow 

Vidur Apparao, CTO at LiveOps, says 
making sure your cloud provider can scale 
with you as you grow will help in the 
investment long run. "While most cloud 
technology providers are able to support 
the needs of small business customers, few 
are able to seamlessly manage a cus- 
tomer's increased size and capability needs 
as it grows to a medium-sized enterprise," 
Apparao says. "Understand what your 



provider's scale and complexi- 
ty limits are so as not to be 
taken by surprise as your 
bandwidth needs grow." 

Apparao says SMEs 
shouldn't rely on just the 

claims of the cloud provider, but rather 
should get details on the size and usage 
patterns of the largest tenants, ask about 
overall system capacity and peak utiliza- 
tion, understand what bottlenecks exist in 
the provider's architecture and processes, 
and make sure the provider does regular 
capacity and resource planning. 

In McGarry' s opinion, one of the great 
things about the cloud is that it's relatively 
easy to expand the pools of resources 
available to end users. But as with all 
infrastructures, she says, there are scale 
limits to any architecture, and it is impor- 
tant to look at expected and best-case sce- 
narios for infrastructure growth. "It's 
much easier to identify scale points in 
your management software, network hard- 
ware, and storage subsystems up front and 
have readily available plans that execute 
when your cloud takes off," she says. 

McGarry says that there are a number of 
ways, especially through programmatic IT 
policy enforcement, to effectively manage 
a growing user base. "In the end, you must 
be prepared to grow, and grow quickly." 

Choose Wisely 

Keao Caindec, senior vice president and 
chief marketing officer for OpSource 
(www.opsource.net), says each cloud 
provider has a slightly different pricing 
model, so data center and IT managers 
must choose a cloud plan based on work- 
loads and economics. "Be mindful of the 
type of workloads you will need to sup- 
port," Caindec says. "For example, hourly 
pricing is better for bursty workloads. For 
more usage patterns, you may want to con- 
sider a prepaid monthly pricing program. . 
. . Take a look at your prior usage and esti- 
mate the total cost based on that." ^ 

Best Tip: Never 
Compromise 
On Cloud Security 

According to Keao Caindec, senior vice presi- 
dent and chief marketing officer at OpSource 
(www.opsource.net), cloud security is critical. 
"Make sure the data center has 24/7 monitor- 
ing, onsite security personnel and closed 
circuit cameras, biometric two-factor authenti- 
cation for access, and audit logs," Caindec 
says. "Understand whether your data is stored 
and transmitted encrypted or not. Understand 
whether your servers can be segmented on a 
separate VLAN and whether you can cus- 
tomize firewalls and load balancing. Finally, 
understand how you can access your serv- 
ers. Security is critical, and you should be able 
to customize and secure your cloud environ- 
ment in the same way that you secure your 
shared resources in your own data center." 
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BUYING GUIDE 



by Tessa Warner Breneman 

Although they are seeming- 
ly simple tools, PDUs (power 
distribution units) can suddenly 
become intimidating when it's 
time to purchase a new one for 
your data center. Choosing the 
wrong PDU can trip a breaker 
and cause a network power out- 
age, so it's vital to match your 
energy needs and network de- 
vices with the right PDU. 

Tim Derochie, director of 
product management at Cyber- 
Power Systems (www.cyberpower 
systems.com), offers the following 
tips for buying PDUs: 

Evaluate your needs prior to 
shopping. Consider how many 
outlets are necessary to connect all 
your devices and how many amps 
the PDU needs to support. "The 
biggest key is that [buyers] do their 



Buying Tips: 

Power 
Distribution 
Units 
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homework and find out what they 
really need. Otherwise, they may 
not purchase the right product," 
Derochie says. 

Know your available options 
and features. Buyers will have to 
choose between basic, metered, and 
switched PDUs. Basic PDUs offer 
simple power distribution and are a 
no-frills option for administrators, 
says Derochie. Metered PDUs are a 
good option for those who are 
pushing the envelope with the num- 
ber of components they have on 
each PDU and need to keep tabs 
on the amps flowing through 
the PDU. Switched PDUs con- 
nect to the network and offer 
remote management. With a 
switched PDU, you can reboot 
the system from a remote lo- 
cation and control outlets in- 
dividually from the Web, 
making them best for admin- 
istrators that require around- 
the-clock access to their data 
center devices. 

Don't forget measure- 
ments. Be sure you measure 
how far the PDU will be 
from its power source so 
you can get a cord long 
enough to reach the power 
outlet from your rack. 
And if you need to re- 
serve horizontal space, 
consider a OU that mounts 
vertically on the back of 
your rack. 



Key Terms 



ATS (Auto Transfer Switch). Offers a primary 
and secondary Input cord. With the ATS 
capabilities, network administrators can get 
dual redundant power from two UPS systems 
or power sources to network devices with a 
single cord. ATSes come in metered and 
switched formats. 

Basic PDU. Provides simple power distribution 
and has few other capabilities. Basic PDUs are 
generally able to provide branch circuit protec- 
tion and several outlets to connect devices in 
the rack enclosure. 

Dual Circuit PDU. Offers two input cords 
to support servers and network equipment 
with dual redundant Inputs to create a fault- 
tolerant rack Installation with power from two 
UPSes or building circuits supported by genera- 
tors. Dual circuit PDUs come In basic and 
metered formats. 

Metered PDU. Monitors the amps flowing 
through a PDU so network administrators can 
be sure the amperage coming from the con- 
nected devices does not exceed the capacity 
the PDU is designed to handle. 

Switched PDU. Offers the benefits of a 
metered and basic PDU, along with the ability 
to remotely manage the load through a network 
connection. Through the network connection, 
administrators are able to switch PDUs and 
individual outlets on or off and reboot the sys- 
tem if necessary. 
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Physical Infrastructure 




CS-2HD2/HDE Smart Power Monitor 

Easily add Input current load and power monitoring to any 
existing cabinet 

Quickly added to SAN's or other cabinets that do not have 
any power monitoring capabilities 
Measure aggregate current draw on each power circuit 
IP access and security/Environmental monitoring 
Provides automated SNMP-based alarms or email alerts 



Server Technology 

^liilicw fnrlhcDii[ii tirscr ft?iipmcf!l C.ihirel 



Server Technology Inc. 

(800) 835-1515 
www.servertech.com 



Physical Infrastructure 



CW-24V5 Sentry Switclied CDU 

Mixed Outlet 3-Phase 
415V/240V 

• Achieve greater efficiencies 
by bringing 3-Phase 415V to 
the cabinet and 240V to the 
devices 

• Single-power input feed; 24 
outlets per enclosure 

• Delivers up to 21 .6kW 

• Remote power management 

• IP access and security 

• SNMP traps and email alerts 

• Environmental monitoring 

• Ability to add an expansion 
module 




Server Technology 



Server Technology Inc. 

(800) 835-1515 
www.servertech.com/products 



Physical Infrastructure 



CS-3AVY Sentry Smart CDU 

/Provides reliable 3-Phase 
power distribution. Multiple out- 
let types distribute multiple volt- 
ages via 3-Phase 208V Wye 
power In-feed. 



m 

Server TechnolosVi Inc. 



High Density 
Multiple Voltage Outputs 
Input Current Monitor 
IP Access & Security 
SNMP Traps 

Environmental (Temperature 
& Humidity) Monitoring 
Branch Circuit Protection 
NEW! Linking for Smart 
CDU (Expansion Modules) 



Server Technology Inc. 

(800) 835-1515 
www.servertech.com 



Product 



Description 



Product 



Description 



Processor.com 



September 10, 2010 



AL INFRASTRUCTURE 



PRODUCT SPOTLIGHT 



Dwer Distribution Units 



CyberPower PDU1 5SW8RNET CyberPower PDU20MV20F 




The CyberPower PDU15SW8RNET is an eight-outlet rack- 
mount networked PDU made of rugged, industrial-grade 
metal. It provides 120V 15A output. From a single NEMA 
5-1 5P input, it delivers an unfiltered electrical pass-through 
current to eight NEMA 5-1 5R receptacles. The PDU15- 
SW8RNET provides a network connection through an RJ45 
Ethernet port and offers remote management. 

• LCD screen provides real-time load monitoring 
measured in amps 

• 1 0-foot AC power cord included 

• Can be mounted horizontally or vertically 

Best For: Organizations looking for a rugged, industrial- 
grade switched PDU. 

Price: $595.95 



The 20-outlet CyberPower PDU20MV20F OU vertical 
rack-mounted metered PDU can support 20 NEMA 5- 
20R receptacles with unfiltered electrical pass-through, 
and the LCD screen offers real-time load monitoring 
measured in amps. With an industrial-grade metal exteri- 
or, the PDU20MV20F offers a rugged design and can be 
mounted horizontally, vertically, or on the wall. 

• 20-amp electrical capacity with a circuit breaker 

• 1 0-foot AC power cord and cord retention tray 
included 

• ETL/RoHS-certified 

Best For: Data centers in need of a flexible and rugged 
metered PDU. 

Price: $198.95 



CyberPower PDU30BHVT10R 



The CyberPower PDU30BHVT10R is a rackmount basic 
PDU with 10 outlets that offer 200V/230V 30A output 
and deliver unfiltered electrical pass-through power to 
10 IEC-320 (two C19/8-C13) receptacles from a NEMA 
L6-30P twist-lock plug. The industrial-grade metal hous- 
ing provides a rugged exterior, and it includes a 10-foot 
AC power cord. The PDU30BHVT10R can be mounted 
horizontally and vertically, and it comes with a lifetime 
warranty for defects in design, assembly, material, 
and workmanship. 

• 30-amp electrical capacity with a circuit breaker 

• Includes a cord retention tray 

• ETL/RoHS-certified 

• 1 U rackmount 

Best For: Companies looking for a rugged basic PDU. 
Price: $209.95 



PDUs Direct C-16V1-C20MX 




The C-16V1-C20MX is a metered OU vertically-mounted 
PDU that features 16 NEMA 5-20R outlets, multiple in- 
feed plug types, and a local amp meter. Engineered to 
be compact, the C-16V1-C20MX is mounted in the rear 
dead space, so your rack space is open for equipment 
and ventilation. 

• 1 5- or 20-amp steel-cased enclosure 

• Includes local LED input current monitoring to accu- 
rately measure the amps drawn on the connected 
power circuit 

• Immediately observes new equipment's impact on the 
collective current draw 

• Loads each circuit to its threshold safely, decreasing 
the risk of overloads 

Best For: Small to midsized organizations looking for a 
compact PDU. 

Price: $225 

Contact: (888) 751-7387 I www.pdusdirect.com 



PDUs Direct CW-8H2-C20M 




With the 208V CW-8H2-C20M, you can control and mon- 
itor your outlets remotely through an IP connection or 
serially for out-of-band access and enjoy the combina- 
tion of local metering and remote management. This 
PDU also provides power and environmental monitoring, 
and when power or environmental conditions surpass 
the maximum limit, users are alerted through SNMP or 
email alerts. The industrial-grade outlets provide multi- 
ple in-feed plug types and upgradeable firmware for 
dependable power distribution. Outlet Grouping also lets 
users reboot both single- and dual-power servers with 
just one command. 

• Individual and grouped outlet control 

• Environmental monitoring 

• Network and serial connections 

• Eight NEMA 5-20R outlets or eight lEC CI 3 outlets 

Best For: Small to midsized organizations looking for a 
remotely controlled power unit. 

Price: $360 



Rackmount Solutions 
BED Series 




The Rackmount Solutions BED Series comes in a variety 
of sizes with heights of 24, 48, and 70/72 inches. All 
units are 120 volts and come UL- and cUL-listed. The 
BED Series protects against overloads on each vertical 
power strip through a resettable circuit breaker, and the 
rugged, gray aluminum exterior protects against physical 
damage. The 15-amp vertical power strips feature snap- 
on/slide-off mounting, while the 20-amp models have 
spring-clip mounting. 

• Lighted on/off switch (available without; please ask) 

• Two-year product warranty 

• 1 5-foot cord included 

Best For: Small to midsized organizations looking for a 
simple power strip PDU. 

Price: Starts at $66 

Contact: (866) 207-6631 I www.rackmountsolutions.net 



Contact: (888) 751-7387 I www.pdusdirect.com 
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Tools 



Processofs Product Spotlight fiigtilights options available in key data center product categories, providing product information side-by-side for easy comparison. 

Compiled by Tessa Warner Breneman 



Cyber Switching Dualcom PLUS 




The Cyber Switching Dualcom PLUS is for IT administrators 
that need to manage equipment around the clock. The 
Dualcom PLUS includes features not found on other entry- 
level vertical PDUs. Cyber Breaker, the Virtual Circuit 
Breaker, isolates overcurrent conditions to one outlet and 
protects other equipment on the bank, thereby reducing 
downtime. Individual current monitoring on every outlet lets 
you monitor the usage on every outlet and make informed 
decisions on how best to manage your power grid. 

• Remotely monitor and manage your equipment through a 
Web browser, a Telnet session, or with SNMP commands 

• Schedule times for outlets to power on and off 

• Event logging 

• Warnings for over- and under-currents 

Best For: IT administrators needing an entry-level intelligent 
PDU with a robust feature set at a great value. 

Price: Starts at $599 per unit 

Contact: (888) 31 1-6277 I www.cyberswitching.com 



Cyber SwitcliingePower 




Cyber Switching's ePower family is targeted at data center 
managers searching for greener solutions. These products 
integrate enhanced features while remaining reliable and 
affordable. Patented Individual Outlet Power IVIetering and 
Control provides billing-grade metering for each individual 
outlet at an accuracy of 2% or better. Utilizing the unit's full- 
color LCD touchscreen or a standard Web browser, IT per- 
sonnel can keep up-to-date on critical information, includ- 
ing real-time power information, load details, input line uti- 
lization, and system status. ePower saves your company 
time and energy while also saving the environment. 

• Patented Cyber Breaker® technology protects equip- 
ment by limiting overcurrent conditions to a single outlet 

• Color LCD touchscreen has an intuitive interface 

• Two high-speed USB ports can support up to 127 
peripherals, such as environmental sensors 

• IVIore than 60 high-density PDU configurations 

• Network connection allows for remote monitoring and 
management of your power usage 

Best For: Companies looking to implement a compre- 
hensive data center management plan. 

Contact: (888) 31 1 -6277 I www.cyberswitching.com 



Eaton ePDU Core Power Series 




The Eaton ePDU Core Power Series is built to provide 
reliable power distribution for high and ultra-high power 
density applications. The 30A three-phase Core Power 
Series units are optimal for 208V three-phase solutions 
and up to 50A of power. They are available in both basic 
and monitored network technologies. In addition to being 
able to remotely monitor the current draw of individual sec- 
I tions, the monitored versions also have the capability to 
monitor for hot spots or cooling loss within the enclosure. 

• Deliver adequate, but not excessive power, targeting 
8.7kW per enclosure 

• Minimize wasted poles to fully utilize available power 
on panel boards 

• Prevent temperatures from reaching levels that 
demand costly cooling solutions 

Best For: Mid- to enterprise-level data centers with high 
power requirements. 

Price: Starts at $499 



Racl<mount Solutions 
SPDU20-0U Power Commander IQ 




The SPDU20-0U Power Commander IQ is a network- 
controlled PDU from Wiremold/Legrand that delivers secure 
remote access to all power outlets through an HTTP Web 
browser. Telnet, SNMP, external modem, or email. 
Additionally, users can send control commands through 
email, and the AutoPing feature reboots the system if it ever 
goes down. Through the embedded Web server, you can 
modify settings or the system status and view the current or 
temperature through the TCP/IP network or a local direct 
connection. The SPDU20-0U Power Commander IQ offers 
three hardware options for mounting in racks and cabinets. 

• 64-bit network security with username and password 
protection and IP screening per outlet 

• Alarms for predetermined settings, including audio 
buzzer, email, TRAP or data log, and alarm message 
time interval 

• Convenient Access Control List for assigning access rights 

Best For: Small to midsized businesses looking for flexible 
mounting options for racks and cabinets. 

Price: Starts at $430 



Server Technology 
Smart Power Monitor 




The rack-based Smart Power Monitor from Server 
Technology lets you add current load or power monitor- 
ing to your cabinet via Web GUI using either a serial 
connection or a Web-based interface. Additionally, you 
can be sure your CDU's power in-feed is correctly 
loaded. The Smart Power Monitor can support two exter- 
nal 10-foot probes, which measure the temperature and 
humidity levels. You can view the conditions through a 
Web interface and receive alerts when environmental 
levels surpass thresholds you've set. 

• Input current monitor measures the aggregate current 
draw on each power circuit 

• Remote management via Web-based interface or 
serial connection 

• Supports two external 10-foot probes that measure 
temperature and humidity 

• True RMS current monitoring 

Best For: Organizations that need to remotely monitor and 
aggregate information for data centers and other facilities 
and already have Basic or Metered PDUs deployed. 

Contact: (800) 835-1515 I www.servertech.com 



Server Technology 
Sentry Power Manager 




The Sentry Power Manager from Server Technology is 
engineered to let users access and manage multiple 
Sentry devices in an IP-based enterprise network. Not 
only do you get a global view of all Sentry CDUs, but you 
can view devices based on their temperature, humidity, 
current, and device status. 

• Access through any standard network browser 

• Group and cluster outlets for remote reboot and power 
data on one CDU, across linked CDUs, or across an 
IP address 

• Logs by start and end date include information such 
as discovery and user login 

• Trending capabilities include the ability to graph using 
start- and end-date temperature, humidity, infeed load, 
infeed power, system watts/unit area, and system total 
power 

• Real-time alarm notification 

Best For: IT managers needing to remotely manage 
power consumption and maximize energy efficiency. 

Contact: (800) 835-1515 I www.servertech.com 



Contact: (866) 207-6631 I www.rackmountsolutions.net 
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ASM Modular Systems 
Raised Access Flooring System 




ASM 

innovations in access flooring 



Raised access flooring systems from ASIVI allow for 
easy reconfiguration via instant access to wiring and 
cabling. ASM's raised access floors include technol- 
ogy to address advances in electronic worl<flow and 
energy efficiency. 

• Incorporates a solid brass positive grounding device in 
every panel 

• Uses nickel chrome plating on critical parts for safety 

• Uses a solid tube design that's better than conven- 
tional U-shape for high-strength stringers 

• Green building elements 

• High-pressure laminates available 

• Vinyl plastic that's resistant to strong chemicals 

Best For: IT administrators who require electrical 
grounding and want no zinc whisl<ers and high-strength 
stringers. 



Bergvik Flooring 
IVIodular Raised Floor 

BERGVIK® 



floors on a higher level 



In the flooring business since 1970, Bergvik offers the 
strongest, most stable and modular raised floor available 
for data centers. Bergvik's engineering department sup- 
piles CAD drawings that are suited to your needs. 

• The Iso Floor system offers custom panels as an 
option to fit your equipment depths and allows for 
optimization to build smaller and smarter rooms; floor 
heights from 12 to 94 inches 

• River Cooling Airflow Panels with high-plume fins 
provide superior air stratification to cool upper servers 
when compared to flat bottom panels; the unique 36- x 
24-foot panel also allows for more server racks 

• Earthquake bracing frames will fit any raised floor and 
are tested to NEBS standards 

Best For: Enterprises that are looking to lower energy 
costs by up to 40% and add more server racks in the 
same footprint, increasing their revenue stream. 



Commercial Flooring Systems 



i 



COMMERCIAL 

FLOORING SYSTEMS, INC. 



A full-service flooring contractor. Commercial Flooring 
Systems works with hundreds of popular brands of floor- 
ing from leading manufacturers. Products include carpet, 
resilient flooring materials, ceramic tile, and other spe- 
cialty flooring products. 

• Design consultation 

• International material sourcing 

• International service coverage 

• All installation performed to the manufacturer's 
specifications 

• Quality, on-time delivery 

• Floor covering maintenance 

Best For: IT staff working with an enterprise that needs 
to update all of its flooring options. 



Seaico KoldLok 




Did you know that 50 to 80% of valuable conditioned air 
is not reaching the air intake of IT equipment due to 
unsealed openings? Sealing cable openings with 
KoldLok products provides a cost-effective airflow and 
thermal management solution. KoldLok raised floor 
grommets will help you increase existing cooling 
capacity, reduce the need to purchase additional cooling 
units, and improve equipment reliability and extend 
equipment life. Seaico also makes other airflow flooring 
accessories, including PlenaFill blanking panels and the 
PlenaForm airflow baffle system. 

• Increases existing cooling unit capacity 

• Reduces the need to purchase additional cooling units 

• Prolongs equipment life 

• Can be modified to seal unique cable openings 

• Increases static pressure under the raised floor 

• Improves air delivery through perforated tiles and grates 

• Facilitates hot and cold aisle best practices 

Best For: Sealing cables, eliminating bypass airflow, 
and saving energy. 

Contact: (972) 234-5567 (call for special offers) 
www.sealco.net 



Seaico Tacky Mats 




Seaico provides a variety of tacky mats to keep your 
computer or clean room free of contaminants. Each 
mat is composed of multiple-layer polyethylene film 
with a specially treated pressure-sensitive adhesive on 
one side, which catches the contaminants from shoes 
or equipment. When sheets gather contaminants, the 
top sheet can be peeled off to expose a new sheet. 
The sheets are designed to resist adhesive transfer, 
preventing sheet-to-sheet de-lamination. Ask about our 
free removable mat holders that allow easy placement 
and removal. 

• Variety of sizes and colors 

• Keeps contaminants away from computer equipment 

• Optional company logo imprint 

• IVIat sheets individually removable and numbered 

• Non-beveled edges ensure each sheet is 
contaminant-free 

Best For: Entry ways into computer rooms or any area 
where dust/dirt can track into the computer room. 

Contact: (972) 234-5567 I www.sealco.net 



Staticworx Electrically 
Conductive ESD Rubber 



Staticworx^ 

grounded solutions ~_ 



staticworx produces antistatic floors that are ideal 
for data centers and mission-critical operations. All 
Staticworx flooring comes with a lifetime static-control 
warranty, and Staticworx EC ESD Rubber is unaffected 
by footwear choice, traffic, or environment. 

• Awarded Seal of Approval by ESD Journal as only 
fault-tolerant flooring 

• No wax or polish necessary — damp mop only 

• Installed easily over raised access or concrete floors 

• Can cover entire floor or be purchased as floor mats 

Best For: Data centers that want to ensure flooring pre- 
vents static regardless of footwear worn in the workplace. 
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Compiled by Nathan Lake 



Julie Industries 
StaticSmart Flooring 




Static mm Smarf 



STATIC CONTROL FLOORING 



For more than 30 years, Julie Industries lias been pro- 
viding static control flooring solutions to companies and 
government facilities throughout the world. The Static- 
Smart line of floor finishes includes BSD carpet tile and 
positile, ESD vinyl, and BSD rubber tile. All StaticSmart 
flooring is appropriate for data centers and access floors. 
StaticSmart offers a lifetime warranty on static protec- 
tion properties. 

• Easy to install 

• Wide selection of styles and colors 

• Low maintenance requirements 

• Permanent static protection without specialized 
footwear 

• Lifetime static protection warranty 

Best For: Data centers and networked environments 
needing fail-safe static control flooring for either access 
floor or non-access floor applications. 



Mainline Computer Products 
Infinity Air Grate 



Mainline Computer Products' Infinity Air Grate is a 
heavy-duty 24- x 24-inch perforated steel floor panel 
that can adapt to virtually every access floor system. 
With a massive 55% open area, the Infinity Air Grate 
delivers more than twice the cold airflow of other perfo- 
rated panels, and it delivers the strength to support a 
static load of 1 ,500 pounds. In addition, Mainline offers 
complete access floor systems, replacement panels, 
perforated access floor panels, antistatic carpet tile, 
and floor panel lifting tools. 

• Made of rugged, heavy-gauge steel 

• Self-retracting easy lift handle 

• Static load of 1 ,500 pounds 

• Quad Damper Kit, leveling legs, and Z-plates 
sold separately 

Best For: Computer rooms, data centers, control 
rooms, wiring closets, and anywhere continuous 
airflow is required. 

Contact: (800) 686-5312 I www.mainlinecomputer.com 



PDU Cables 

Air Guard Cable Seal 




PDU Cables is the exclusive supplier of the Air Guard 
Cable Seal line of products that seal access holes for 
routing cables through a data center's floor. The Air 
Guard Cable Seal product line provides data centers 
immediate energy savings because of the product's 
ability to significantly minimize cool air loss while 
improving static pressure to keep data center equip- 
ment from overheating. 

• Dual seal around cables provides effective, eco- 
nomical means to eliminate bypass air though 
cable cutouts 

• Reduces air loss in plenum-cooled floors 

• Improves under-floor static pressure 

• Extends life of cooling equipment 

• Flexible and simple cable routing via removal of 
floor tiles without disconnecting equipment 

Best For: Sealing any size of cable opening in a raised 
data center floor environment. 



Tate Access Floors 
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Tate Access Floors provide your servers the ability to 
meet high-performance needs, offer flexible and accessi- 
ble service distribution for quick reconfiguration, improve 
energy efficiency through the reduction of mechanical 
equipment, and boost indoor air quality. The perforated 
air flow panels utilize natural convection and maximize 
energy efficiency. 

• Sustainable design 

• Energy savings 

• Bolted stringer understructure 

• Easy access to underfioor area 

• Cutout seals to minimize air leakage 

Best For: Enterprises that want an efficient, high- 
performance raised floor data center. 



Upsite Technologies KoldLok 
Mini Raised-Floor Grommets 




KoldLok Mini Raised-Floor Grommets seal small open- 
ings in new data centers, existing computer rooms, and 
raised floors to optimize existing cooling equipment and 
manage heat loads. Measuring 4x6 inches, the patent- 
pending thermal management grommets give installers a 
handy way to split power and data cabling to minimize 
interference and also move floor tiles without capturing 
cables. The grommets improve existing cooling unit 
capacity, reduce equipment hot spots, lower infrastruc- 
ture costs, and facilitate increasing server density. Each 
grommet has 13,200 opposing, angled, and intermeshed 
nylon filaments that block up to 98% of bypass airflow. 

• Filaments and frame meet UL94 VO standards 

• Sits flush with raised-floor or other panel surfaces 

• Available with and without static dissipation 

• Static dissipation feature integrates with raised-floor stat- 
ic dissipation system to provide 1 gigaohm of resistance 

Best For: Sealing small cable openings in new or exist- 
ing data centers and for cost-effectively splitting power 
and data cabling. 

Contact: (888) 982-7800 I www.upsite.com 
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Decialty Server Racks & 



Black Box 
ClimateCab 
NEMA12 
Cabinets 




Black Box's ClimateCab enclosures offer climate- 
controlled protection that lets you install servers withiout 
\he need for additional cooling or costly infrastructure. 
Thiese full-sized cabinets come configured for servers 
or datacom equipment and feature a welded 12-gauge 
steel frame with integral struts. 

• Rated for protection against falling dirt; circulating 
dust, lint, and debris; and dripping or splashing liquids 
in indoor environments 

• Full-sized cabinet with 42U of racl<ing space 

• Available with 12-24 or M6 rails 

• Choose from models with 6,000BTU or 8,500BTU 
air-conditioning units 

• 40-inch depth accommodates most servers 

Best For: Housing servers in remote locations without 
cooling infrastructure. 

Price: $4,499.95 to $5,499.95 




Black Box 

ClimateCab 

NEMA12 

Wallmount 

Cabinets 



ClimateCab NEMA 12 Wallmount Cabinets from Blacl< 
Box are the answer when you need to install a small 
amount of rackmount equipment in less-than-ideal condi- 
tions. These secure cabinets provide a compact way to 
protect and cool sensitive components. 

• NEMA 12 rated for protection against falling dirt; circu- 
lating dust, lint, and debris; and dripping or splashing 
liquids in indoor environments 

• Compact wallmount design saves space 

• Single- or double-hinged 

• Choose from a cabinet with a fan or an 800BTU air- 
conditioning unit 

Best For: Equipment protection in hot, dirty environ- 
ments such as factory floors. 

Price: $999.95 to $2,795.95 



CableOrganizer Great Lakes 
WE Server Side Wall Mount 
Enclosure 




Perfect for server rooms that are short on floor space, 
this revolutionary WE Server Side Wall Mount Enclosure 
is designed to mount servers weighing up to 350 pounds 
sideways on the wall, leaving your floor clear and achiev- 
ing the lowest-profile projection possible. Locking mesh 
side doors provide excellent breathability for hot-running 
servers and allow both front and rear access to equip- 
ment for easy setup and maintenance. 

• 1 RMU with 34 inches of usable depth 

• 1-, 2-, and 3-inch cable management knockouts in the 
front, bottom, and rear of the enclosure 

• Optional ventilation fan available 

• M6 cage nuts and rack screws included 

• Weight capacity of 350 pounds 

• UL listed in the United States and Canada 

• Made in the United States 

Best For: Wall-mounting telecom equipment wherever 
space is at a premium. 

Price: Starts at $754.80 



Hergo 

ApxServer 

Noise 

Reduction 

Enclosure 




Hergo's ApxServer Noise Reduction Enclosures allow for 
mounting of all computers and electronic equipment that 
meets the EIA 19-inch specifications. The enclosures are 
24 x 36 inches and come in either 12U or 26U heights. 
They feature Class A noise reduction foam and are 
Class A fire-rated. 

• Can hold up to 800 pounds (1 2U model) or 1 ,000 
pounds (26U model) with industrial casters 

• 12U version perfect for under desks 

• Black, quality powder-coat finish; environmentally 
friendly 

• Front and back doors include locks 

Best For: Enterprises that could benefit from 
reduced noise. 

Price: Starts at $1,195 

Contact: (888) 222-7270 I www.hergo.com 



Liebert Mini 
Computer Room 
(MCR) Sold By 
Mainline Computer 
Products 




Looking for a plug-and-play air-conditioned cabinet? The 
Liebert MCR (sold by Mainline Computer Products) offers 
a half ton of cooling, has a NEMA 12 rating, and is 
designed to protect your business-critical IT equipment. 
Simply roll the MCR in, load your equipment, and plug it 
into any standard 120V outlet. The MCR is rated up to a 
2kVa IT equipment load, and it comes with a backup cool- 
ing module and temperature sensor. 

• Includes universal rackmount rails, casters, temp sen- 
sor, PDU, leg levelers, secure doors, and cable access 

• 42U (35U usable space); available 1 9- or 23-inch E.I.A. 

• Rated for 2,000 BTU capacity 

• Inside and outside air are isolated for maximum 
cleanliness 

• Backup cooling automatically activated by UPS 

• Optional UPS, shelves, cable glands, keyboard trays, 
PDUs, and heat rejection kit 

• Standard two-year warranty; service and extended war- 
ranty options provided by Liebert Global Services 

Best For: Data centers in need of an easy-to-install 
air-conditioned cabinet. 



Rackmount 
Solutions 
Air Conditioned 
Server Cabinet 




Rackmount Solutions' Air Conditioned Server Cabinets 
have built-in A/C units with 4k, 7k, 10k, or 20k BTUs to pro- 
tect equipment in warm or dirty environments. Units are 
available from 14 to 48U, with depths from 24 to 42 inches. 

• Compatible with all leading servers, including blade 
servers 

• Protects expensive equipment from overheating 

• No cooling water; units work like a refrigerator with a 
condensate pan 

• Can be paired with a rackmount or side-mount A/C for 
more space 

Best For: Data centers and standalone applications with 
heat problems. 

Price: Starts at $5,633 

Contact: (866) 207-6631 I www.rackmountsolutions.net 



Price: $5,995 



Contact: (800) 686-5312 I www.mainlinecomputer.com 
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Data Center Depot 
CableMax 




Picture shown with 
options included. 



CableMax from Data Center Depot is the premier cabi- 
net for cable and heat management. This cabinet was 
designed to combat the problems caused by the trend of 
components getting smaller while capacity is increasing. 
CableMax employs an abundance of cable pass- 
through holes in the frame for cross cabling and mesh 
enclosures to promote airflow throughout the cabinet. 

• Can use split rear doors to save aisle space 

• Split rail system available so you can have two differ- 
ent rail depths 

• Improved Ganging system 

• Features 63 or 80% mesh in doors and top panels 

• Additional adjustable vertical and horizontal cable 
management available 

• Dirak locks and handles on doors and side panels 

Best For: Data centers in need of a cabinet with a large 
number of cable pass-throughs. 

Price: Starts at $539.65 

Contact: (877) 429-7225 I www.datacenterdepot.com 



Data Center Depot 
Seismic Equipment 
Cabinet 




Picture shown with S 
options inchided. * 



The Seismic Equipment Cabinets from Data Center 
Depot are designed to protect valuable equipment in the 
event of an earthquake. A basic 40U cabinet is available, 
along with two 44U cabinets with special features 
designed to protect and manage a large volume of 
cables, patch cords, or fiber cables. This cabinet has an 
integrated top panel with cable pass-through and options 
such as a bend limiter with access hinge and a cable tie- 
down bar to enhance cable management. 

• NEBS Zone 4 tested 

• Top panel with cable cutout for cable pass-through 

• Available with open- or solid-sided frames 

• Cable management available 

• Available in various sizes 

Best For: Data centers that need to protect equipment 
from possible earthquakes. 

Price: Starts at $1 ,298 

Contact: (877) 429-7225 I www.datacenterdepot.com 



Hergo12U 
S-Rack 




This 12U/36-inch enclosure cabinet features a unique 
channel shock-mount assembly for the maximum level of 
equipment protection in seismic-prone environments. 

• Four 1 1 GA square cage knock-out mounting rails 

• Top fan assembly with four 75 CFM fans 

• Locking front and rear doors with knock-outs for 
additional fans 

• Perforated removable side panels with 1 2 x 24 filters 

• Options include 24- and 27-inch fixed or slide-out shelv- 
ing, 6-port RM power strip, and 1 U cable loop panel 

Best For: Housing network equipment under conditions 
of shock and vibration. 

Contact: (888) 222-7270 I www.hergo.com 



Rackmount Solutions 
Network Cable 
Bundle Server 
Rack 




Need to secure a rack with a serious number of cables? 
Rackmount Solutions' Network Cable Bundle Server 
Rack solves all problems. With a roomy interior up to 28 
inches, you can set your rails to 19 or 23 inches and 
slide left, right, or center to allow for your cabling needs. 
Rails slide front to back and side to side for maximum 
flexibility. The unit is available as an open rack or with 
doors, side panels, and tops for security/aesthetics. 

• Compatible with all leading servers, including 
blade servers 

• Allows up to 10 inches of cabling space between side 
panel and rail 

• Use as an open rack or add security with locking side 
panels and doors 

Best For: Data centers and standalone applications 
needing to integrate quantities of cable drops. 

Price: Starts at $1 ,115 

Contact: (866) 207-6631 I www.rackmountsolutions.net 



Rackmount 
Solutions 
Soundproof 
Server Rack 



f 



Soundproof Server Racks from Rackmount Solutions 
reduce external sound up to 28.5dBa while dispersing 
internal heat loads up to 7kW. Built-in casters make it 
easy to move these servers to another area when the 
need arises. The Soundproof Server Racks are avail- 
able in active and passive versions and in 24U and 
42U sizes. 

• Compatible with all leading servers, including 
blade servers 

• Increases productivity, as employees are able to 
concentrate and better communicate 

• Cuts down on workman's comp claims and OSHA 
problems because of excessive noise 

Best For: Data centers and standalone applications 
needing to reduce noise in the work environment. 

Price: Starts at $5,249 

Contact: (866) 207-6631 I www.rackmountsolutions.net 



Wright Line 
NEBS Zone 
4 Enclosure 




Wright Line's NEBS Zone 4 Enclosure, part of its Para- 
mount enclosure family, provides additional protection for 
rackmount sen/ers and network equipment in seismically 
active regions. The Wright Line enclosure demonstrated 
no deformations to the frame or any load-bearing element 
when tested by an independent facility using Bellcore GR- 
63-CORE seismic requirements for up to 1,000 pounds. It 
is offered in 24- and 30-inch widths, 34.5- and 40-inch 
depths, and 77- and 84-inch heights, which feature 38U 
and 42U usable vertical space, respectively. 

• Constructed of 12-gauge steel 

• Features a rugged internal cross member frame that 
provides additional structural integrity 

• Includes seismic mounting washers to be used in 
conjunction with approved anchoring methods for 
concrete slab or raised tile computer floors 

• Carries a limited lifetime warranty 

Best For: Data centers and any other mission-critical 
environment located in a seismic zone that cannot afford 
network downtime after an earthquake. 



Price: Starts at $3,000 
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Efficient 

Ethernet 



An Introduction To IEEE 802.3az 



by William Van Winkle 

In 2008, THE NETWORKING WORLD buzzed 
with an Intel-led proposal that was moving 
into draft form under the name IEEE 
802. 3az. Two years and multiple drafts 
later, the 802. 3az spec, commonly known 
as EEE (Energy Efficient Ethernet, pro- 
nounced "triple ee"), is set for final rati- 
fication and a fast track to shipping 
products. But what is EEE, and what does 
it mean for your enterprise? 

EEE Basics 

In a nutshell, 802. 3az relies on feature- 
compatible chips being at both ends of a 
network link. 

They agree to go into very reduced power 
states for a certain amount of time and then 



wake up to see if there's anything they need 
to respond to, says Glenn Cox, product man- 
ager for client Ethernet within Intel's LAN 
Access Division (www.intel.com). "If not, 
they go back to sleep. So instead of using 
0.5W like with a regular Gig connection, it 
drops down to about 50mW. It's significant." 

However, there is no easy firmware patch 
for upgrading to EEE. The technology 
requires a fundamental tweaking of a net- 
working hardware component called the 
PHY (pronounced "fie," short for the OSI 
model's physical layer), which connects 
the network device's MAC (media access 
control) to the copper or optical cable medi- 
um. EEE addresses Ethernet PHYs with 
100Mbps, 1,000Mbps, and 10,000Mbps 
speeds. Early 802. 3az drafts sought to also 
cover 10Mbps PHYs, but this was ultimately 
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set aside given that legacy Ethernet already 
operates at roughly 100 to 150mW, a low 
enough level that EEE wouldn't offer much 
benefit in return for the engineering effort. 

There have been several other approaches 
to power management via network connec- 
tions, such as WoL (Wake on LAN) or 
turning off a port when the PHY detects 
that there is not a cable plugged in. These 
existing features all remain; EEE merely 
works alongside them, working to lower 
the power consumption of normally active 
links. EEE also has the advantage of lower 



Key Points 



EEE (Energy Efficient Ethernet, also 
802. 3az) is a technology found on new 
PHY chips that can monitor link traffic and 
drop connections into a low power state 
when no data Is flowing, a condition that 
exists more than 90% of the time. 
The Idle power savings of EEE can be 
applied in systems beyond the Ethernet 
PHY, up into components such as the PCI 
Express bus. 

Adoption of EEE will likely be gradual as 
businesses make sure that new hardware 
and RFPs require 802. 3az adherence. 



wake-up latency than other approaches — 
about 10 microseconds. 

Normally, both sides of an Ethernet con- 
nection must support EEE in order to enable 
the idle power savings. If two adjacent PCs 
both connect into an 802.3az-enabled switch, 
but only one of those PCs has EEE support, 
the other PC will continue to operate as it 
always has, fully compatible with the switch. 

The intriguing part of 802. 3az is that it's 
about more than just the Ethernet port. The 
underlying handshake technologies can be 
applied further up the component chain. 
Once the system learns that the LAN con- 
nection has gone idle, other components 
may be able to follow suit, including the 
PCI Express bus and memory controller. 
Naturally, this introduces more complexity 
into an EEE "ecosystem," but vendors are 
confident that solutions can be found. 

"This works asymmetrically," says Wael 
Diab, technical director at Broadcom 



(www.broadcom.com) and current vice chair 
of the IEEE's 802.3 group. "Say I'm trans- 
mitting to you, and I'm going to go to sleep. 
Then if you want to power down your PCI 
Express, it may take you a little longer to 
wake that up than it would take the PHY to 
wake up. But you can say, 'Hey, whenever 
you wake me up, I need an additional 20ms 
of wake-up time before you send me a pack- 
et.' That will give you enough time to power 
up the rest of your interfaces." 

Reaching Market 

According to Maggie Wu, product line 
manager for business switching at Netgear 
(www.netgear.com), standard-compliant EEE 
products should reach the market by early 
November. Intel notes that all of its platforms 
with Ethernet will support EEE by 2011. 
For some enterprise managers, though, the 
prospect of adopting EEE may seem daunting 
when viewed as an all-or-nothing prospect. 

"In order to optimize the power savings, 
EEE-compliant products are expected to be 
deployed end-to-end in the enterprise network 
environment," says Wu. "A mix of compliant 
and noncompliant products won't be able to 
get you the maximum power savings results." 

This is true. A 100% adoption of EEE 
throughout an organization will deliver more 
optimal power savings than only partial EEE 
adoption. Still, few if any companies will 
throw out all of their infrastructure and start 
fresh for the sake of EEE. Adoption will be 
gradual throughout the enterprise. 

"This isn't going to compel anyone to 
replace a system that was just bought four 
months ago," says Intel's Cox. "But for a 
small/medium business, this is something 
that would be valuable over the long haul. 
And also, people are increasingly interested 
in just being environmentally friendly. 
Most likely it would become a requirement 
for new purchases going forward." 

As has happened many times before, 
vendors have started creeping EEE-compli- 
ant products into the market before final 
spec ratification, hoping that no substantial 
changes happen in the months before final- 
ization. So, enterprises should be cautious 
about pre-final standards compatibility. 
November isn't far away, and the most pru- 
dent course is probably to begin the EEE 
transition in that timeframe. 



Linked To Power 



These graphs from Lawrence Berkeley National Lab's Senior Network Engineer Mike Bennett show 
the obvious need for adaptive power technology in modern and near-future networking. While power 
scales upward linearly with additional links, the amount of power consumed per link magnifies with 
each link speed generation. Bennett notes that 10GBase-T is actually expected to reach 25W per link. 
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Virtual Visibility 

BLADE Network Technologies' RackSwitch G8052 
Offers Granular Control Of Your Virtual Environment 



by Robyn Weisman 

Santa Clara, Calif., -based BLADE 
Network Technologies may not be a house- 
hold name in technology circles, but its 
founders and its employees have a storied 
pedigree. BLADE began as a division of 
Nortel about eight years ago, when its 
founder and current CEO Vikram Mehta 
recognized that the Ethernet switches used 
in blade servers just weren't very good. His 
group began building switches for IBM and 
HP blade systems, and the results were so 
successful that the company was spun off 
from Nortel in 2006, explains Dan Tuchler, 
vice president of strategy and product man- 
agement at BLADE. 

About two years ago, BLADE Network 
Technologies (www.bladenetwork.net) 
branched out and began making top-of- 
rack switches specifically for data centers. 
Its latest model, the RackSwitch G8052, 
just made its debut at VMworld 2010, and 
it may be the missing link needed for 
enterprise data centers to move beyond so- 
called VM stall issues. Not only does it 
offer the latest Ethernet switch capabili- 
ties, such as hot-swappable power supplies 
and fans, it provides the sort of physical- 
level visibility and access into virtual 
servers that until now wasn't available 
anywhere, except in expensive end-to-end 
solutions from bigger vendors. 

Visibility At The Ready 

Since early 2009, BLADE has sold 
switches supporting its patented VMready 



settings, a daunting task even for a bevy of 
IT professionals. 

In contrast, VMready can separate, mea- 
sure, and control traffic by the VMs them- 
selves. "You can see which virtual machine 
is causing problems so that you either can 
move it over to debug the VLAN (virtual 
LAN) to look at the traffic, or shut it down 
entirely so it stops disrupting traffic without 



Virtual Ethernet Port Aggregator and 
Virtual Edge Bridging. You don't have to 
worry about overhauling your virtual envi- 
ronment or proprietary taggings. 

A Purpose-Built Switch 

Tuchler describes the RackSwitch G8052 
as a "purpose-built switch" that is designed 
specifically for highly virtualized data 




having to shut down the [physical] server," 
Tuchler says, adding that BLADE switches 
equipped with VMready offer this granular 
control no matter what virtualization tech- 
nologies you are using. "It removes much of 
the risk out of configuring VMs on the net- 
work and provides a huge savings in terms 
of labor." 

Virtual In The Material World 

The G8052 is the first top-of-rack switch 
that comes with BLADE'S Virtual Vision 
technology, which lets you "see" virtual 
machines as they move from server to serv- 
er across and between data centers and pro- 
tects you against security gaps during these 
moves, Tuchler explains. Virtual Vision 



centers. The G8052 has a single-switch 
ASIC design, leading to enhanced perfor- 
mance, efficiency, and a low latency of 
only 1.7 microseconds. In addition, it pro- 
vides line rate performance for all port 
combinations and plenty of available pack- 
et buffers to handle a higher rate of variable 



microbursts that result from using virtual- 
ized multicore servers. 

"We've updated the technology and 
improved it over the previous model, much 
of it coming as a result of customer feed- 
back," Tuchler says. For example, the 
G8052 features hot-swappable power sup- 
plies and fans. "If there's a power failure 
while the unit is running, they can just swap 
it out without disturbing the network. 
Changing front-to-back and back-to-front 
airflow is important for our customers." 

Changes in the port configuration of the 
switch also matter to BLADE customers. 
As a result, the G8052 comes with 48 GbE 
RJ-45 ports, removing the need for RJ- 
45/SFP transceivers, and four lOGbE 
SFPh- uplink ports, removing the need for 
additional modules, all of which are built 
into the switch. The G8052 comes with 
some other nice additions, including a 
USB port that enables you to make config- 
uration and code changes or reboot the 
switch using a thumb drive or other USB 
external drive; a reset button that can per- 
form a reset, a reset to factory defaults, 
and a dump for diagnostics before reset- 
ting; and lead-free parts. 

According to Tuchler, the RackSwitch 
G8052 provides a cost-effective means to 
virtualize networks so that data centers can 
begin to realize the promise of virtualiza- 
tion and move beyond VM stall. "It meets 
our customers' needs to leverage their 
existing [virtual] environments while scal- 
ing up to meet increasing demand by bring- 
ing that 'Virtual Vision' across massively 
virtualized data centers and reducing laten- 
cy, power, and cost issues," he says. 



BLADE 

NETWORK TECHNOLOGIES 



technology. Traditional Ethernet ports 
can only see the physical machines in 
which VMs are housed, which means you 
are forced to anticipate the location of 
every VM on your network and then manu- 
ally manage their security and network 

BLADE Network 
Technologies 
RackSwitch G8052 



(408) 850-8999 
www.bladenetwork.net 

Description: A top-of-rack Ethemet switch 
that enables data centers to manage, 
secure, and optimize virtual machines like 
physical servers. Can be used with any 
virtualization platform, including VMware, 
Microsoft Hyper-V, Citrix XenServer, and 
Red Hat KVM. 

Interesting Fact: BLADE Network Technol- 
ogies was the first company to ship native 
10 Gigabit Ethernet blade switches, for 
which it received Frost & Sullivan's Product 
Innovation Award. 



also synchronizes policies and configura- 
tions between switches and hypervisors 
through its BLADEHarmony Manager, 
which centrally defines, distributes, and 
automates these configurations to VMready 
switches and hypervisors. 

"When you start putting virtual machines 
onto the network, there's always a huge 
risk that your virtual machine will show up 
with the wrong security settings [because] 
they may get connected to the wrong net- 
work. Then you run into problems, where 
sensitive data gets exposed to the outside or 
an application stops working because the 
VM is no longer connected to where it 
needs to be connected," Tuchler says. 

But Virtual Vision enforces that as VMs 
move, their security and networking poli- 
cies move with them, Tuchler says. As 
VMs are created, moved, and disconnected. 
Virtual Vision always knows what policies 
will be applied to your VM, including QoS 
(quality of service), ACL (access control 
list), VLAN, and other security settings. 

And blade's commitment to providing 
a solution that works with most any virtual- 
ization technology shows in its commitment 
to implementing emerging IEEE standards, 
including 802.1Qbg and 802.1Qbh for 
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Survey Finds 

File Transfer Policies 

Neglected 

A recent survey by Ipswitch, a file transfer 
security vendor, found that 40% of IT profes- 
sionals admit to sending highly sensitive or 
regulated information through personal 
email accounts. The report notes that 69% 
of respondents said they send sensitive 
information, such as payroll or customer 
data, via email without security at least once 
per month, while 34% said they do it daily. 

Hugh Garber, a senior product marketing 
manager for Ipswitch, says these numbers 
are so high because employees believe they 
are doing what they deem necessary to be 
productive. "If IT doesn't give employees the 
tools they need to get their job done, they are 
going to take matters into their own hands 
and do it themselves," he says. 

Garber explains that if IT takes security 
measures such as setting limits on email 
attachment sizes, employees will look for 
alternative options, including using person- 
al email accounts or external hard drives, 
which are difficult for IT to monitor and easy 
for users to lose. 

When it comes to improper transfers, IT pro- 
fessionals are also at fault. "IT professionals 
said they send sensitive information through 
their own personal email accounts as a way 




to 

eliminate 
the audit trail of 
what they sent and 
who they sent it to," 
Garber says. 



He explains that IT is often driven to do 
this for the same productivity reasons as 
the other employees, but also because they 
put the policies in place, so they know how to 
bend the rules. 

When policies are in place, the Ipswitch sur- 
vey found that monitoring them remains chal- 
lenging. According to the survey, 62% of 
organizations have transfer polices, but 72% 
reported their firm doesn't have visibility of 
how files are moved. 

Provide Alternative Options 

Garber explains that when establishing poli- 
cies, the focus needs to be on the feasibility 
of enforcement and providing employees with 
an alternative path. 

Alternatives, he explains, could be a solution 
such as an ad-hoc plug-in to IVIicrosoft 
Outlook, where instead of sending a file via 
email, that file is securely stored on the com- 
pany's file transfer server. Recipients then 
get the email with a link to securely download 
the document. 

"If there is a simple and easy-to-use tool, 
employees will use it because they don't have 
to find something on their own or take their 
time to do something their own way," he says. 

by Amanda Bouc 
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Not Just Another 
Network Solution 

F5 Products Help Publisher With Web Site Security, Load Balancing 




by Julie Sartain 
■ ■ • 

If your corporate Web site were 
down for several hours three to four times 
a week and your Web pages took 30 to 45 
seconds to load, you would have to find a 
new Web host or risk losing customers 
and lots of business. With the advanced 
technologies available today, that level of 
service is unacceptable. 

That was the case for Human Kinetics, 
a Champaign, 111., -based publisher and 
reseller that provides informational and 
educational products in the physical 
activity and health fields. Human 
Kinetics hosts its own Web site plus an 
additional 40 or so other sites for its 
clients and subsidiaries. The company 
was naturally quite alarmed when it pur- 
chased a load balancing and application 
firewall product in early 2009 that ended 
up being not only incredibly slow, but 
also unstable and unreliable. 

The Problems 

"We were relying 
on a competitor's 
product that was not 
meeting our needs," 
says Brad Trankina, 
director of network and 
information systems at 
Human Kinetics. "Specifically, the solu- 
tion we were using masked our customer's 
IP addresses from the Web servers. As a 
result, we could not assign currency based 
on location. With these old devices, we 
were experiencing three to four outages 
per week. Support was in a different coun- 
try, and we had to come into the office in 
the middle of the night to work with their 
support department. They also required us 
to leave the device in a failed state for 
hours so that their support team could 
troubleshoot. From a reliability standpoint 
and a support standpoint, it just was not 
meeting our needs." 

In addition, Trankina notes. Human 
Kinetics had to change its network config- 
uration before the competitor's products 
would even work, and these products 
failed to adequately log traffic and events, 
which meant Human Kinetics had no way 
of knowing which and how much traffic 
was being blocked. 

An F5 Solution 

"The previous product we were using 
was an absolute failure, so we looked for 
an alternative solution and chose F5," 
Trankina says. Human Kinetics purchased 
F5 Network's BIG-IP LTM (Local Traffic 
Manager) and F5's BIG-IP ASM (Appli- 
cation Security Manager) to replace the 
existing load balancer and application fire- 
wall, he says. 

The BIG-IP LTM is an application 
delivery controller that load balances 
all Web-based traffic and provides 
high availability, according to Mark 
Vondemkamp, director of product man- 
agement for security at F5 Networks. 
"Since deploying BIG-IP LTM, Human 
Kinetics has experienced zero downtime. 



and performance is up to three times 
faster, especially when users download 
rich media content. Because BIG-IP can 
also track IP addresses. Human Kinetics 
can now direct traffic appropriately 
and apply location-specific policies," 
Vondemkamp says. 

According to Trankina, the implementa- 
tion of F5's products went very well. The 
F5 engineers came onsite to help with the 
initial install. They helped bring the 
devices online and ensured that basic 
functionality was achieved. The initial 
implementation lasted one week. 

"It took about a month to feel fully 
comfortable with the F5 solution," says 
Trankina. "The engineers were outstand- 
ing and among the best we have worked 
with on security projects. They knew their 
system thoroughly and could answer any 
question we could come up with. They 
also did a good job working with our 
developers, which was important to the 
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initial success of the project. F5's consul- 
tants helped our developers understand 
how our applications would be affected 
by ASM and make the necessary changes 
to them." 

Trankina says the BIG-IP ASM Web 
application firewall module helps Human 
Kinetics provide better security, includ- 
ing reducing the risk of loss/damage to 
data, intellectual property, and Web 
applications and improving application 
performance. "Because the ASM pro- 
vides deep-packet inspection. Human 
Kinetics has far more detailed informa- 
tion about what is causing errors, so 
legitimate traffic is seldom blocked and 
errors that do occur are far easier to pin- 
point and fix," Trankina says. 

According to Vondemkamp, the BIG- 
IP ASM advanced Web application fire- 
wall provides end-to-end application 
protection, advanced monitoring, and 
centralized reporting while addressing 
key regulatory mandates, including PCI 
DSS, HIPAA, Basel II, and Sarbox, all in 
a cost-effective way and without requir- 
ing multiple appliances. 

"ASM is deployed in front of the appli- 
cation servers," Vondemkamp says. "It 
inspects the http requests, then compares 
them to preloaded application-specific 
security policies. If the request doesn't 
violate the policy, it is forwarded to the 
Web server. The Web server's response is 
sent back to BIG-IP ASM, and ASM 
inspects the response for additional sensi- 
tive information or data leaks such as 
credit card [or] Social Security numbers or 
any other confidential information. If the 
response complies with policy, the 
response is forwarded to the browser," 
adds Vondemkamp. 



Better Than Expected 

"F5's products have been an outstand- 
ing solution for us," says Trankina. "We 
didn't quite realize it at the time, but the 
previous vendor's devices were not (and 
did not) sufficiently log traffic and events. 
F5's logs are very informative. Because of 
the additional log information, we know 
now that the other product we had been 
using was blocking more legitimate traffic 
than we realized," he says. 

"We not only have better logs now, but 
we can also troubleshoot issues affecting 
customer traffic on our Web applications. 
We are also blocking more non-legitimate 
traffic. DLP has also been a positive addi- 
tion for our network. We can now ensure 
that certain types of data never leave our 
network, and this helps with PCI compli- 
ance," he says. 

"The F5 product is a central part of our 
Web environment. We're currently using 
it to protect our storefront, and 
we're in the process of migrating 
all of our applications to the F5 
over the course of the next three 
to six months. We are doing it 
gradually, but F5 will only 
become more central to our 
operations," Trankina says. 
As for F5, Vondemkamp says, 
the company plans to continue improving 
the product performance and user experi- 
ence, dealing with new Web security 
threat possibilities in new protocols, and 
offering improved central management 
features. F5 recently released the APM 
(Access Policy Manager) model that can 
integrate with the company's application 
delivery controller, as well as ASM, to 
provide robust authentication and single- 
sign-on services, offloading this task from 
the back-end applications. 

"These integrations give our customers 
greater flexibility and control over how 
their applications are accessed; something 
that is increasingly necessary as we 
explore cloud-based solutions in the enter- 
prise," says Vondemkamp. 



F5 Networks BIG-IP 
Application Security 
Manager and BIG-IP Local 
Traffic Manager 



The BIG-IP ASM provides end-to-end appli- 
cation protection, advanced monitoring, and 
centralized reporting while addressing key 
regulatory mandates; the BIG-IP LTM appli- 
cation delivery controller load balances all 
Web-based traffic. 

"F5's logs are very informative. Because of 
the additional log information, we know 
now that the other product we had been 
using was blocking more legitimate traffic 
than we realized," says Brad Trankina, 
director of network and information sys- 
tems at Human Kinetics. 

(206)272-5555 I www.f5.com 
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Google Proposal 
For Better Data 
Center Networks 

Cost-Saving Option Has Some Challenges 



by Jean Thilmany 

Google may be on to something as it is 
exploring how to build energy-efficient 
data center networks that use power pro- 
portional to the data that gets transmitted 
throughout the network. Most networks 
currently operate on the same power levels 
regardless of whether data use is at its 
peak, in a lull, or somewhere in between. 



Key Points 



• Google researchers have proposed meth- 
ods for constructing an energy proportional 
data center, where sen/er use is automati- 
cally scaled up or down as needs change. 

• When combined with yet-to-be- 
optimized switching technology, data 
centers could see an 85% reduction in 
the amount of power used. Energy cost 
savings scale accordingly. 

• Enterprises can replicate an energy- 
proportional data center through use of vir- 
tualized servers tied to the scaling software. 



Several Google researchers recently 
authored a paper, "Energy Proportional 
Datacenter Networks," in which they pro- 
pose several new methods of data center 
network designs. The methods pertain to the 
large clusters of 10,000 or more servers 
used by companies like Google and could 
result in significant energy and cost savings. 
In their paper, the research team demon- 
strated an 85% power reduction in a simu- 
lated energy proportional network. 

"Basically, what Google is talking about 
is taking the application load and translat- 
ing it through sophisticated math models 
into capacity requirements and then adjust- 
ing the load to those requirements," says 
Clemens Pfeiffer, chief technology officer 
at Power Assure (www.powerassure.com), 
which makes software that uses algorithms 
to automatically adjust network capacity. 

The Google team reports that numerous 
studies have shown that data center com- 
puters rarely operate at full utilization, lead- 
ing to a number of proposals for creating 
servers that are energy proportional with 
respect to the computation that they are per- 
forming. As servers become more energy 
proportional, the data center network can 
become a significant fraction, as much as 
50%, of cluster power." 

The paper states, "Servers and their 
processors are the obvious targets to im- 
prove energy proportionality, because they 
are today's primary power consumers. The 
research team reports that current multi- 
tiered data center networks consume little 
power, relative to servers, because of [their] 
high degree of oversubscription." 

Google researchers found that altering a 
data center's design can reduce operating 
expenses for a large-scale cluster by as 
much as $3 million over a four-year life- 
time. Achieving an energy proportional data 



center is possible if you adapt current 
switches through use of a topology the 
Google team refers to as the flattened but- 
terfly network instead of the more tradition- 
al folded-Clos topology. 

The paper states that the flattened 
butterfly topology is better suited for tech- 
niques that increase the dynamic range of 
network power, a comparison of power 
used while idle to power during full use. 
Researchers say this option could potential- 
ly result in $1.6 million of energy savings 
over the four-year lifetime of a cluster. 

Change In Chips 

Google researchers project further en- 
ergy savings by tuning network links to 
match performance. "Modern switch chips 
capable of congestion sensing and adaptive 
routing already have the essential ingredi- 
ents to make energy-proportional commu- 
nication viable for large-scale clusters," the 
paper states. 

Using a network simulator and running 
workloads that mirror real-life loads, the 



"Where Google has one application 
running across a lot of servers, with 
smaller applications, if you have one-to- 
one server to software ratio and you turn 
the server off, the software is gone for the 
user," he says. "If you have only single 
users, you need to keep the server on, 
making adding and removing server 
capacity more complicated." 

Large enterprises, such as banks that run 
many applications, can take advantage of 
the same types of mathematical models 
that would power the Google energy pro- 
portional data center and also install virtu- 
alized servers, he adds. 

"If you abstract your application from 
the hardware and then use automation and 
optimization functionality, you could shift 
things across [a] data center dynamically 
the way Google proposes," he says. 

Contain Cooling Costs 

Makers of energy-proportional data cen- 
ters will also need to take air-conditioning 
and cooling needs and costs into account, 
says Dave Craven, vice president of sales 
and business development at Spinwave 
Systems (www.spinwavesystems.com), a 
maker of wireless networks that monitor 
and help control building efficiency. 

"I understand Google has marvelous 
ways of regulating how many processors 
are in motion and how they can bank them 
and direct traffic to mold the processing 
power, but that all translates to heat at some 
time," Craven says. "And it's that area that 
needs air-conditioning. That's a tremendous 
amount of air that needs to be moved." 

Unfortunately, the mechanical sys- 
tems used to cool and ventilate large data 
centers haven't kept up with technological 
advances seen in the IT world. Craven 



Google researchers project further 
energy savings by tuning network links 
to match performance. 



researchers say they've demonstrated the 
85% power reduction, which approaches 
the ideal energy proportionality of the net- 
work. But results also point toward two 
challenges for future network switch 
designers. Researchers found a significant 
power advantage to having independent 
control of each unidirectional channel that 
comprises a network link because many 
traffic patterns show very asymmetric use. 
Thus, switch designers should work for in- 
dependent control of channels. 

System designers would also need to 
optimize the high-speed channel designs to 
be more energy efficient by choosing opti- 
mal data-rate and equalization technology. 

Were optimal high-speed channel 
designs and independent control of each 
unidirectional channel to be in place, 
researchers report that energy proportion- 
al data center communication is "in- 
deed possible." 

Savings Through Virtualization 

Because the Google paper was released 
only months ago, analysts and network 
switch makers haven't had much time to 
form reaction. Vendors, however, have 
taken a keen look at the document with an 
eye toward how it translates to their busi- 
ness expertise. 

The Google research is useful for the 
Google enterprise because it runs hundreds 
of thousands of servers that support its 
main search function. Capacity levels can 
be adjusted more easily when servers sup- 
port one application, Pfeiffer explains. I 



says. In other words, air-conditioning 
can't be quickly zoned up and down to 
cool the particular data center zones that 
see increased server use. 

If a data center is theoretically 100,000 
square feet, includes 1.2 million cubic feet, 
and requires about 17 air changes per hour, 
"you'll get fluctuation with the bank of 
servers activated in the energy proportional 
data center," Craven says. "That will gener- 
ate a lot of heat in a small area and the air- 
conditioning and mechanical systems have 
to be able to adapt to that. 

"Many buildings where they're putting 
newer technology and processes are still 
being heated and cooled by processes 
designed 20 years ago," Craven adds. 

But the Google work, say both Craven 
and Pfeiffer, is feasible and exciting in 
terms of cost savings for data center own- 
ers and for movement toward greener data 
centers in general. lOl 

Beyond The Big Guys 

Smaller enterprises can benefit from the 
same kind of virtualization that is recommend- 
ed for large enterprises in the financial, phar- 
maceutical, and medical world, explains 
Clemens Pfeiffer, CTO at Power Assure 
(www.powerassure.com). The energy effi- 
ciency savings here are realized in much the 
same way by tying virtual servers to software 
that automatically shifts server use up or 
down depending on processing needs. 



IT Pros Willing To Pay 
For Own Tools 

In exchange for the freedom of selecting 
which tools they can use on the job, nearty 
three-fourths of 141 IT workers recently 
polled online by Unisys indicated they'd pick 
up all or a portion of the tools' cost. Of the so- 
called "iWorkers" surveyed, 32% stated 
they'd pay the entire cost, while 21% would 
pay half the cost if able to select and use 
their own tools (laptops, smartphones, iPads, 
netbooks. Twitter, Linkedin, blogs, etc.). 
Another 21% would pay up to 30%, and 
about 26% would pay nothing. 

Sam Gross, vice president of global IT out- 
sourcing solutions at Unisys, says that 
although the percentages aren't intrinsically 
surprising, employers' hesitance to accom- 
modate workers' growing preference for self- 
purchased productivity-enhancing technology 
is. "In the recent 'Consumerization of IT 
research study Unisys conducted with IDC, 
we found that 70% of the nearty 650 employ- 
er respondents intended to continue purchas- 
ing devices for employees, while only 30% 
were considering a stipend program to fund 
employees' purchases of technologies they 
select themselves," Gross says. The same 
study also found of 2,820 worldwide iWork- 
ers, 95% already used at least one self-pur- 
chased device. 

Two Sides At Odds 

"The numbers show a disconnect between 
how iWorkers want to acquire productivity- 
enhancing technology and the way their 
employers propose to provide and support 
it," Gross says. "In short, the Unisys/IDC 
research shows that IT organizations are try- 
ing to use a traditional, top-down method to 
control a bottom-up revolution in the work- 
place. They're not adequately prepared to 
accommodate the changing work styles of 
increasingly younger workers who grew up 
with consumable technology and have high 
expectations about how it should be support- 
ed in the workplace. These organizations nsk 
missing a golden opportunity to capitalize on 
new ways of doing business, connecting with 
customers, and attracting future workers." 




A key motivator for iWorkers 
to buy their own tools is a desire 
to use tools they're proficient with in their per- 
sonal lives, he says. "This desire is especially 
strong among the youngest segment of the 
workforce — the so-called Millennials," Gross 
says. "They grew up with chips in their toys 
and are used to becoming proficient with new 
technology quickly. They prefer to apply the 
technologies they've become familiar with on 
their own to work, rather than have to choose 
from a narrow range of tools that their em- 
ployers have selected." 

Conversely, companies aren't implementing 
discount/stipend programs because they 
aren't prepared to manage such devices. 
Gross says. "These organizations are con- 
cerned that they don't have the internal 
resources to support anything but a relatively 
narrowly defined range of technologies," he 
says. "In most cases, they're right." Still, he 
adds, companies could realize economic 
benefits and manage digital allowances and 
subsidies for employees by using third-party 
services to oversee IT management. 

by Blaine Flamig 
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Standards & Technologies Update 

What new standards and technologies are 
being developed to shape future product 
development in power, cooling, storage, 
and other key areas? We talked with 
industry insiders to find out. 



Power & Cooling 
Developments | 24 

■ New approaches to delivering 
power and keeping temperatures in 
check can help IT keep everything 
running without risking a meltdown. 



Storage Evolution 1 26 

■ With advancements in storage 
capacity come advancements in com- 
plexity — and the need to constantly 
track new technologies that might 
make your enterprise run more 
smoothly. 



Security Marches On | 26 

■ Many security technologies have 
been in existence for years, but the 
growing threats mean that it's more 
critical than ever that security protec- 
tions be used in combination with one 
another and be constantly updated to 
keep the data center as secure as 
possible, security experts say. 



New Networking Technologies 
& Standards | 28 

■ Administrators who run complex 
networks must keep up with a con- 
stant stream of newly promulgated or 
modified standards; if they don't, they 
run the risk of falling behind the tech- 
nology curve and drastically compro- 
mising their ability to deliver value to 
their organizations. 



Power & Cooling 

Developments 

Technology Advances Mean More Efficiency & Less Hardware 




by Carmi Levy 

As ENERGY PRICES continue their in- 
evitable climb, data center managers 
increasingly look to improvements in 
power and cooling technologies and 
processes to hold the line on cost and 



Key Points 



Smaller, more efficient cooling units 
allow more precise, flexible placement of 
cooling within the data center facility, 
reducing the mixing of hot and cold air 
and allowing for more effective use of 
limited floor space. 

More capable hardware designs and con- 
verged network architectures reduce both 
power and cooling needs; for example, 
servers that run on DC power are simpler 
to build and waste less energy to AC/ 
DC conversion. 

Natural gas co-generation holds promise 
as both a power generation and cooling 
technology. Increased efficiency over 
conventional grid-delivered power Is an 
added bonus. 



risk. New approaches to delivering power 
and keeping temperatures in check can 
help IT keep everything running without 
risking a meltdown. 

Smaller Is Better 

A key trend is the move toward smaller 
cooling units. Traditional large, often cen- 
tralized floor-based cooling devices — each 
of which typically takes up as much as 30 
square feet of valuable floor space — are 
being replaced by larger numbers of 
smaller, more efficient cooling units. In a 
growing number of cases, says Jason 
Burnett, NeoSpire's director of network 
services (www.neospire.net), units are 
sprouting from the ceiling. 

"This approach works very well 
because most data centers have already 
moved to a hot aisle/cold aisle layout," 
Burnett says. "You can put the intakes 
directly over the hot aisles and have 
them exhale air over the cold aisles. 



You're not trying to cool down the hot 
aisles, and you don't have to worry about 
exhaust heating up your cool aisles. 
There's much less potential for mixing, 
and it's a lot easier to direct cooling to 
where you need it." 

Smaller units also allow for more effi- 
cient airflow, and advanced cooling 
infrastructure that places the chiller in a 
separate unit outside the data center 
allows managers to avoid liquid coolant 
or water running directly over sensitive 
equipment. This more focused approach 
to cooling extends to the racks them- 
selves. In-rack cooling units, where the 
heat is exchanged within the processor 
boxes themselves, can reduce efficiency 
losses due to ambient mixing. 

"This is similar to old mainframe com- 
puters, which had in-process cooling," 
says Simon Tusha, CTO of QTS (Quality 
Technology Services; www.qualitytech 
.com), a national provider of data center 
facilities and managed services. 

Nitrogen-based cooling is another 
emerging technology that, unlike conven- 
tional approaches, uses a closed-loop 
system to remove heat. "It is more like a 
residential cooling system but replaces the 
freon that would be used in a residential 
system with liquid nitrogen as the 
coolant," Tusha says. 

Better Connections 

Network architects are rationalizing 
their roadmaps to drive efficiencies. Asif 
Hazarika, senior director of product man- 
agement with IP Infusion (www.ipinfusion 
.com), says converged networking can pay 
significant power and cooling dividends. 

"Optimizing the use of the networks, 
interconnects, servers, and storage can 
be enabled through a converged network 
that reduces the equipment footprint," 
Hazarika says. "Improving bandwidth by 
upgrading servers with 10Gb Ethernet 
connections, backplanes, and 40Gb Ether- 
net backbone and utilizing converged 
enhanced Ethernet and data center bridg- 
ing technology will reduce power utiliza- 
tion and impact cooling efficiency." 

The bottom line, Hazarika adds, is 
reduced environmental and economic 



impact 
even as the 
data centers them- 
selves continue to grow. 

Smarter Servers 

The trend toward reducing power and 
cooling at the source extends to servers, as 
well. Units that run on DC power are 
slowly making inroads into data centers. 
Because they don't need to convert incom- 
ing DC power to AC, they are slightly 
simpler to build. Removing the transfor- 
mation step results in less heat and energy 
loss and ultimately less load on cooling 
infrastructure. Still, Burnett sees a gradual 
takeup of DC-powered equipment. 

"It does require changing the funda- 
mental infrastructure in existing facili- 
ties," he says. "Most data centers are set 
up to use AC and not DC, so it'll take 
some long-term investment. Over the 
next 10 years, though, especially with all 
the green movements in place and every- 
body watching their carbon footprint, 
you'll see a lot more big leaps in making 
sure servers use power in this smarter, 
more efficient way." 

Further power and heat reductions at 
the source come from later-generation 



virtualization-enabled server hardware. 
New hardware that includes built-in sup- 
port for virtualization allows data center 
managers to take advantage of signifi- 
cant efficiencies not available on older 
hardware that wasn't specifically built 
for the task. 

"Three years ago, if you wanted to 
implement a server that could handle three 
virtual servers, that one machine had to 
have enough hardware to handle those 
three virtualized machines, so you didn't 
gain any efficiencies," Burnett says. "You 
saved space, but that was about it." 

Today's multicore processors and 
faster memory allow machines to support 
soft CPU and RAM provisioning, which 
means the hardware doesn't have to be 
overbuilt on a machine-by-machine basis 
anymore. Rationalized virtualization- 
specific hardware that's matched to the 
application environment reduces the 
need to overbuild and keeps heat loads 
in check. 



Tomorrow's Technology To Watch: 
Co-Generation 



Data center managers can 
now look even further up- 
stream — right to the actual 
generation of power — for 
savings and efficiencies. 
Simon Tusha, CTO of 
QTS (Quality Technology 
Services; www.qualitytech 
.com), says a relatively new 
technology, co-generation, 
can boost both power and 
cooling capacity in one fell 
swoop. It uses a natural gas- 
powered turbine engine to 
create electricity, a far more 



efficient process than con- 
ventional coal-based genera- 
tion used widely across the 
United States. In fact, this 
technique's efficiency is 
about 43 to 44%, while coal- 
fired electricity generation is 
only 30 to 33% efficient. 

Tusha adds that such tech- 
nologies will become even 
more critical over time as 
potential carbon taxes or EPA 
regulations on carbon begin to 
impact data center operators. 



As beneficial as the opera- 
tional savings can be, reg- 
ulatory compliance could 
become a more compelling 
long-term driver of improved 
power and cooling capabilities 
in the data center. 

"Proactively addressing these 
issues and implementing 
more efficient technologies 
will reduce companies' risk of 
exposure to taxes and regula- 
tion penalties," he says. 
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Storage Evolution 

New Standards & Technologies Are Taking Hold That Make Storage More Efficient & Affordable 



by Dan Heilman 

Storage is one of the most fast-paced 
segments that data center admins must 
watch. With advancements in capacity come 
advancements in complexity — and the need 
to constantly track new technologies that 
might make your enterprise run more 
smoothly. So which storage-related develop- 
ments are worth keeping an eye on? 

Storage In The Cloud 

The technology mentioned most often by 
far was cloud computing — an "as a service" 
option that lets your organization access scal- 
able and flexible storage resources and ser- 
vices over the Internet as needed. 

"The latest storage trend affecting busi- 
nesses today is the cloud, and specifically, 
the mechanism that is enabling businesses to 
efficiently leverage the cloud: cloud storage 
gateways and cloud storage controllers," says 
George Crump, principal analyst at Storage 
Switzerland. "Cloud storage gateway tech- 
nology is entirely new, building on the con- 
cept of enterprise-ready hybrid on-premises 
and cloud storage solutions." 

Lower-cost cloud options are becoming 
more common as the technology becomes 
more refmed and more widely adopted. But 
that adoption is far from complete, says Russ 
Fellows, senior analyst at Evaluator Group. 

Fellows says the transition to cloud-based 
storage can be difficult. "It requires you to 
allow competing companies to be hosted on 
the same device with absolutely no ability for 
one company's data to interact or be seen by 
the other — and to handle different billing, 
management, provisioning, and policies all in 
one box," he says. 



Storage Pooling & Tiering 

Cloud computing in a storage environment 
could be a key requirement for delivering on 
the more complete cloud computing model. 
So could storage pooling — aggregating phys- 
ical storage resources into groups from 



Key Points 



Keep an eye on the cloud: Cloud computing- 
based storage gateways and cloud storage 
controllers could solve storage headaches. 

iSCSI can be used to transmit data over net- 
works and can enable location-independent 
data storage and retrieval. 

Other technologies of note include storage 
pooling and tiering, pNFS (Parallel Network 
File System), and solid-state drives. 



which the logical storage is created. 
Although it has been used successfully in pri- 
mary storage environments for many years, 
storage pooling is a new capability in capaci- 
ty-optimized secondary storage, according to 
data protection provider Sepaton (www.sepa 
ton.com). Best of all, it's a way to consoli- 
date and manage all of a company's physical 
storage resources in one place and to track 
and allocate them as you need to. 

Another new standard that's growing in 
popularity is a cousin to storage pool- 
ing. Tiered storage allows companies 
to manage storage allocation 
according to actual I/O needs, 
according to Michael Petrov, 
CEO of Digital Edge (www 
.digitaledge.net). 



"Everybody knows that fast disks are 
much more expensive and much smaller, and 
slow disks are cheaper and bigger," Petrov 
says. "It's easy to provision larger storage on 
slower disks." 

As an example, Petrov says, imagine a 
medical image archive being used by labo- 
ratories that upload high-res images for 
storage. If multiple labs are using the sys- 
tem, it's crucial to upload files to fast 
disks that can sustain more uploads. 
Then, once the file is uploaded, it can be 
pushed to the slower storage in case 
it's not needed again. The move from 
faster to slower storage can be done 
in the background, reducing strain 
on the system. 

"Before, storage admins would 
have to do those files using 
some logic, scripted or manu- 
ally," Petrov says. "Today, 
tiered storage can recog- 
nize less [frequently] 
accessed files and push 
them to slower storage 
automatically with- 
out interference 
from the storage 
administrator." 




Security Marches On 




standards & Technologies 
Evolve To Match Growing Threats 



by Phil Britt 

As security threats continue to evolve 
and grow, so do technologies designed to 
thwart security breaches. Many security tech- 
nologies have been in existence for years, but 
the growing threats mean that it' s more criti- 
cal than ever that security protections be used 
in combination with one another and be con- 
stantly updated to keep the data center as 
secure as possible, security experts say. 

"Security is more of a concept of risk 
management; there is no way to ensure 
that something is 100% secure," says 
Gabriel Marcos, data center security and 
outsourcing manager for Global Crossing 
(www.globalcrossing.com). "You have to 
look at what the risks are and then protect 
against them." 

Defense in depth is the best strategy, 
Marcos adds. "You should look at security 
Uke the layers of an onion: The closer to the 
core of the data center, the more layers of 
security that you should have. Don't rely 
simply on a firewall." 




Key Points 



Cloud Security Protections 
Differ By Provider 

The more that security threats 
grow in number and complexity, 
the more difficult it is for the small 
and medium-sized data center to pro- 
tect against them, says Chris Whitener, 
chief security strategist for HP. 

"Security is a very broad topic," 
Whitener says. "It's very difficult to integrate 
all of those different elements, so data center 
customers want a choice of the security that 
they can do on their own and the security that 
they can outsource." 

The choice of handling security in-house 
or outsourcing becomes more critical for 
customers using data centers operating 
wholly or partially in the cloud, Whitener 
adds. But different cloud providers have dif- 
ferent security solutions, some of which are 
much better than others, so Whitener recom- 
mends that data center managers thoroughly 
investigate the security used by any cloud 
partners. "There's some level of buyer 
beware with security when you go to the 
cloud," he says. 



Data center security threats are growing as 
data centers move into cloud computing 
and virtualization and further extend the 
ability of others to access the network. 

Security in the cloud and in virtualized 
environments should provide similar 
protection to security offered in physi- 
cal environments. 

Email security needs to not only prevent 
the data center from malware and spam, it 
must also give the end user the ability to 
see emails that have been falsely identi- 
fied as spam. 



If using a combination of in-house and 
outsourced security, test the comprehensive 
solution to ensure that some security vul- 
nerabilities don't fall between the solutions, 
Whitener says. 

Pierluigi Stella, CTO of Network Box 
USA (www.networkboxusa.com), adds 
that inside the enterprise, email is routinely 
scanned for viruses, Trojans, and other 
malware; however, sometimes that security 



is ignored once email is hosted in the 
cloud. Therefore, Stella recommends 
that enterprises ensure that cloud email 
providers use gateway scanning devices 
to inspect email packets for malware 
and spam. 

However, these gateway devices can't 
simply inspect and delete email, Stella 
says. There's too much of a chance of a 
false positive for spam, so the email 
gateway device should be able to 
inspect the email for malware and deliv- 
er safe copies to the enterprise. This 
protects against accidental deletions of 
authentic email. 

Security Employed To Protect 
Virtualized Machines 

The growth of virtualization is compli- 
cating the security of the data center, 
Stella says. With more static environ- 
ments, it was much simpler to identify 
where a security breach originated so 
that the threat could be thwarted the next 
time. But in today's environment, the 
virtualized machine can move from serv- 
er to server several times each day, so 
data centers can't rely on identifying 
only the server that was compromised 
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iSCSI Gaining Ground 

One technology seeing con- 
tinued advancement is iSCSI, 
which is short for Internet 
Small Computer System In- 
terface. iSCSI is an IP-based 
storage networking standard 
for linking data storage 
facilities. iSCSI can be used 
to transmit data over LANs, 
WANs, or the Internet and 
can enable location-independent 
data storage and retrieval. iSCSI 
commands can be sent to storage 
devices on remote servers, allowing 
organizations to consolidate stor- 
age into data center storage arrays 



while giv- 
ing hosts the 
illusion of local- 
ly attached disks. 
Plus, iSCSI can be run 
over long distances using 
existing network infrastructure. 
'We feel that iSCSI will be 
sooner or later adapted over Fibre 
[Channel storage]," says Petrov. 
Fibre is much more expansive and 
complex, he points out. Lots of 
hardware manufacturers license 
Fibre switches per port, so when 
they sell large switches, users are sur- 
prised that half ports don't work. 
They're often dismayed to subsequently 
find out that only half of ports were 
licensed and additional licenses per port 
must be purchased. 

"iSCSI is less complicated," Petrov says, 
"and when it caches up on throughput, it will 
be adopted as a universal standard." 

Other Advances 

Removing I/O bottlenecks can have a 
direct impact on your bottom line. As pres- 
sure grows on IT to deliver ever-higher lev- 
els of productivity and efficiency, they'll be 
looking to a file system standard that can 
maximize server and cluster resources while 
minimizing management overhead. Some 
say the key to that scenario is Parallel 
Network File System, or pNFS, which 
enables data access parallelism. The latest 
protocol, NFSv4.1, includes pNFS and out- 
lines ways to separate file system metadata 
from the location of the file data by striping 
the data among data servers. 



Trade Groups To Watch 

Joel Hagberg, vice president of Enterprise 
Marl<eting at Toshiba Storage Device 
Division (sdd.toshiba.com), points out three 
trade groups you might be wise to pay atten- 
tion to if you're in charge of your data cen- 
ter's storage needs: 

• The International Disk Drive Equipment & 
IVIaterials Association (www.idema.org) 
does work related to the Advanced Sector 
Format, also known as the 4k sector or 
long sector. 

• The SCSI Trade Association (www.scsita 
.org) keeps an eye on interconnectivity 
developments, such as 12Gbps SAS 
(Serial Attached SCSI). 

• The Storage Networking Industry Asso- 
ciation (www.snia.org) is dedicated to the 
latest initiatives in cloud storage, green 
storage, and other various up-and-coming 
storage technologies. 



According to Panasas (www.panasas 
.com), the NFS v4. 1 protocol has resulted in 
storage management enhancements such as 
global name space, a feature that can help 
storage administrators configure different 
hardware components to look like a single 
system, as well as head and storage scaling. 
Also, storage administrators can now per- 
form nondisruptive upgrades without affect- 
ing performance. In tandem, these features 
can reduce storage operating costs, improve 
storage network performance, and consoli- 
date systems to reduce management hours. 

On the hardware side, soUd-state drives are 
gaining more and more positive attention in 
spite of their still-high cost — about $2 per 
gigabyte, or 20 times more than the cost of 
traditional hard drive space. So why are more 
companies taking such an expensive leap? 

"They provide a huge performance boost 
and [can benefit] high-load, high-perfor- 
mance systems hungry for those disks," says 
Digital Edge's Petrov. B 




because by the time the issue 
is discovered, the compro- 
mised virtual machine 
could be located elsewhere. 
Stella recommends that data centers 
employ state-of-the-art forensics to 
determine not only the server, but also 
the virtual machine that is compromised. 

Stella also recommends physically iso- 
lating some of the virtual machines. 
Those with more sensitive data, such as 
financial transactions, bank accounts, 
and similar information, should be on 
different servers than those with less sen- 
sitive data. 

Alternatively, Jimmy Sorrells, vice 
president of enterprise products at 
INTEGRITY Global Security (www 
.integrityglobalsecurity.com), says that 
separation kernels securely separate vir- 
tual machines from one another so that 
such physical separation is unnecessary. 

"It does the same thing as physical 
separation, only with software," 
Sorrells explains, pointing out that the 
concept has been tested by the Nation- 
al Information Assurance Partnership, 
an authentication program jointly run 
by the National Institute of Standards 
and Technology and the National 
Security Agency. 

Protect The Extended Network 

Web 2.0 technologies present a host 
of security risks because they require 



people from outside the company to be able 
to access the data center, Global Crossing's 
Marcos says. "This is a big space for poten- 
tial fraud." 

The easiest solution is to deny access 
to the network, but that wouldn't permit 
the advantages of the Web 2.0 technolo- 
gies. Instead, Marcos recommends using 
visual certificates and tokens to positive- 
ly authenticate users such as bank ac- 
count holders. 

"Mobile security is something that data 
center managers are pulling their hair out 
over," Sorrells adds. "People are accessing 



the networks with devices that [data center 
managers] have no control over." 

Carl Kubitz, president and CEO of 
Lexcel Solutions (www.lexcel.com), points 
out that iPads and iPhones don't have the 
same underlying security as BlackBerry 
devices, so they should be blocked from the 
ability to access the data center. He also 
recommends the use of encryption to pro- 
tect sensitive data. 

In the same vein, the security of any new 
remote access device should be thoroughly 
tested before permitting access to the data 
center, Kubitz recommends. 



Protect Against Sophisticated Botnet Threats 

Botnets and data-stealing Trojans have been around for several years, but they continue to 
become more sophisticated, so data centers need sophisticated technologies to protect against 
these attacks, says Derek Manky, project manager for cybersecurity and threat research at 
Fortinet (www.fortinet.com). 

Even though it's not new, an antivirus application should still be the first level of defense, accord- 
ing to IVIanky. "Intrusion protection is very important," he says. "You want to be able to stop these 
in the first place." 

But the botnets continue to look for different vulnerabilities, so there's always a threat of malware pen- 
etrating the data center. In order to identify and thwart the attack as soon as possible, Manky recom- 
mends using packet inspection applications that provide insight into the malware, its communications 
method, and its location so that the data center manager can eradicate the threat. 

Application control is another technology data centers can layer on top of packet inspection, Manky 
adds. This helps protect against threats developed on social network sites. With application control, 
one can allow access to the site itself yet block certain traffic from flowing, such as widgets that can 
be malicious. 



I Thoma Bravo To Acquire LANDesk 

LANDesk Software, a provider of systems 
lifecycle management, endpoint security 
management, and IT service and asset man- 
agement products, announced it has signed 
an agreement to be acquired by investment 
firm Thoma Bravo. According to LANDesk, 
the acquisition will pull LANDesk away from 
its parent company Emerson, which concen- 
trates on manufacturing and technology. 
Under Thoma Bravo, says Steve Daly, 
LAN Desk's executive vice president and gen- 
eral manager, LANDesk can focus on its core 
business. The acquisition is scheduled to be 
finalized at the end of this month; a purchase 
price was not disclosed. 




I Windows Applications 
Found Vulnerable 

Security research companies have identified 
a security issue among Windows systems. 
About 40 different applications within 
Windows contain a zero-day flaw that could 
allow hackers to install malware on users' 
systems. Metasploit creator H.D. Moore stat- 
ed that Apple was able to fix the same bug in 
its ITunes software last March, but the flaw 
remains in 40 Windows programs, which 
have yet to be named. Microsoft has yet to 
confirm these claims, but Acres, a Slovenian 
security firm, released an advisory report 
detailing the vulnerabilities in which hackers 
could persuade users to download malicious 
media files. Patches will likely be issued sep- 
arately for each application. 

I HP Reports Strong Quarterly Results 

HP released upbeat fiscal 
third-quarter financial 
results in line with its prelimi- 
nary expectations. Its net .-^ 
revenue of $30.7 billion ^0 
represented an 1 1 % ' 
year-over-year 




increase. 

Net earnings on a GAAP basis 
rose 6% to $1 .8 billion, marking a 9% bump 
in diluted earnings per share to 75 cents a 
share. One-time legal, restructuring, and 
acquisition fees were among the factors 
weighing on the results. The company contin- 
ues to search for a replacement for former 
CEO Mark Hurd, who stepped down last 
month amid allegations of financial missteps 
and other matters. 

I Intel Grabs More Server Chip 
Market Share 

IDC reports that Intel finished the second 
quarter with a dominating 93.5% of the PC 
sen/er/workstation processor market. That 
represents a gain from the 89.9% stake it had 
during the same quarter in 2009. AMD, 
meanwhile, lost share from the same quarter 
last year to fall from a 10.1% share to 6.5%. 
Reportedly, the majority of AMD's loss hap- 
pened during the first and second quarters as 
sen/er manufacturers were slow to include 
AMD's 6000 series Opertons in machines. 
Overall worldwide unit shipments were up 
3.6% and revenues were up 6.2% during the 
second quarter compared to the first quarter. 
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I study Looks At Open Source 
Projects For Cloud Computing 

Open source projects related to application 
development for cloud computing grew 70% 
between 2008 and 2009, according to analy- 
sis by open source product developer Black 
Duck Software. Using its own dealings with 
open source projects as a basis for the study, 
the firm determined that Amazon is the mar- 
ket leader of the cloud computing phenome- 
non, followed by Microsoft's Azure platform, 
Google's Apps Engine, and Force.com. The 
firm expects massive growth in cloud comput- 
ing in the future because of the low imple- 
mentation cost and application versatility 
associated with the cloud. 

I Broadband Users Should Expect 
Half Of Advertised Speed 

Most broadband speeds are only reaching 
about half of their advertised potential, 
according to a new report from the FCC. In 
the study, consumers who believed they had 
download speeds of about 7 or 8Mbps were 
only getting half that much. The report also 
showed that the average broadband usage is 
about 9GB per month while the median is 
2GB or less. The growth in broadband usage 
over the past decade has been fairly constant 
at about 25% annually. 



Google 

I Google Faces Lawsuit 
Over Data Collection Policies 

Google is in trouble in Spain over the unau- 
thorized collection of data from unsecured 
wireless networks. The Spanish Internet 
association known as Apedanica has sued 
the Internet giant claiming such information 
gathering breaks the law in that country. 
The alleged offense happened while Google 
was gathering photographs for its Street 
View service. Google has already experi- 
enced difficulties in Germany for gathering 
data from unsecured Wi-Fi networks there. 
For its part, Google pledges to cooperate in 
the investigation and to work with Spanish 
authorities to address any privacy concerns. 
Street View has been available in Spain for 
three years. 

I Electronic Health Records 
Guidebook Released 

CHIME, or the College of Healthcare 
Information Management Executives, 
released a guidebook called 'The ClO's 
Guide to Implementing EHRs in the HITECH 
Era." Designed to help healthcare ClOs meet 
the requirements put forth by the Centers for 
Medicare & Medicaid Services, the guide 
highlights steps organizations can take to 
implement electronic health records. The 
guidebook, developed with the input of 170 
CHIME members in collaboration with the 
American Hospital Association, is designed to 
be used with the "Healthcare Leader Action 
Guide on Implementing Electronic Health 
Records," a document the two groups previ- 
ously wrote together. Both documents are 
free to download. 
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The Latest Developments 
In The Ever-Changing Realm Of Connectivity 



by Sixto Ortiz Jr. 

In the world of computing, standards 
are essential to ensuring consistency and 
compatibility across the entire technologi- 
cal spectrum. Without standards, IT 
would be a complex and vexing gaggle of 
competing and incompatible technologies. 

Networking is one of computing's core 
technologies, so there are dozens of stan- 
dards dedicated to advancing networking 
technologies. Administrators who run 
complex networks must keep up with 
a constant stream of newly promulgated 
or modified standards; if they don't, 
they run the risk of falling behind the 
technology curve and drastically com- 
promising their ability to deliver value to 
their organizations. 

Increasing The Power 

Power over Ethernet, or PoE, is a tech- 
nology that makes it possible to provide 
power to devices over data networks, 
greatly enhancing flexibility for admin- 
istrators who are looking to build new 
networks or significantly expand exist- 
ing ones. 

Daniel Feldman, director of marketing 
for Power over Ethernet at Microsemi 
(www.microsemi.com), says the original 
PoE standard (IEEE802.3af-2003) en- 
abled the powering of devices, but only 
up to 12.95 watts. This limited PoE tech- 
nology to devices with low power require- 
ments, such as IP phones, WLAN access 
points, and IP cameras, Feldman says. 

IEEE802.3at increases the maximum 
power that can be delivered to a device 
to 51W, using two 25. 5W power inter- 
faces placed on a single CAT 5 or better 
cable. This level of power, Feldman 
says, allows complete computing de- 
vices — such as notebook computers — 
to be powered over Ethernet. This revi- 
sion to the standard allows for easier 
deployment of any device because 
devices can be located anywhere without 
the need for a certified electrician to wire 
a location. According to Feldman, 
IEEE802.3at can turn PoE into the force 
that allows for true enterprise-wide 
power management. 

Redesigning Routing 

As the Internet grows in size and 
importance, routing technology must 
adjust to accommodate these changes. 
Ritesh Jukherjee, product manager at 
Cisco (www.cisco.com), says the scala- 
bility of the Internet's routing system is a 
huge concern due to the rapid growth of 
the Internet's DFZ (default-free zone) as 
a consequence of multi-homing, traffic 



engineering, non-aggregated address 
allocations, and business events such as 
mergers and acquisitions. 

The DFZ is the collection of Internet 
autonomous systems (i.e., those IP net- 
works and routers controlled by one enti- 
ty) that don't require a default route to 
send a packet to its destination. A default 
route is used by routers when no known 
route exists for a packet's ultimate 
address; in other words, the router has 
a route it can use when no other routes 
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Power over Ethernet is fast becoming a 
more viable option for powering devices 
with low power requirements over the 
data network. 

New methods of routing packets over 
the Internet, such as LISP (Locator/ID 
Separation Protocol), are increasing 
routing efficiency without requiring major 
changes or upgrades to network infra- 
structures or hosts. 

The ongoing adoption of virtualization 
has added a new level of complexity to 
network switching, requiring the devel- 
opment of new approaches to ease 
management issues. 



are known. This routing may require a 
number of hops for the packet to reach 
its destination. 

According to Jukherjee, the Locator/ID 
Separation Protocol, or LISP, is a new 
routing architecture that is used to im- 
plement a split IP addressing scheme 
to allow unprecedented routing efficien- 
cies, IP address portability and mobili- 
ty, and IPv6 transition certification. This 
is an important and very necessary stan- 
dard making its way through the IETF 
LISP Working Group, Jukherjee says, 
because it comprises a simple and in- 
cremental solution that will require 
no major changes to hosts or to net- 
work infrastructures. 

Bridging At The Edge 

There is no doubt that virtualization is 
a critical trend in data center computing 
today. As such, it is no surprise that 
some networking standards address 
virtualization needs. While extremely 
beneficial in many ways, virtualiza- 
tion creates a management, performance, 
and security headache for network 
administrators, says Dan Tuchler, vice 
president of strategy and product man- 
agement for BLADE Network Technolo- 
gies (www.bladenetwork.net). According 



to Tuchler, as companies deploy server 
virtualization solutions, the "one network 
port equals one workload" paradigm sud- 
denly breaks down as multiple work- 
loads now reside on a single physical 
network port. 

Issues that need to be addressed 
include per-VM (virtual machine) policy 
enforcement, monitoring, tracking and 
policy migration for live VM migra- 
tion, and VM-to-VM traffic switching. 
To address these issues, says Tuchler, 
a group of companies started the 
Edge Virtual Bridging ad-hoc group 
in early 2009. The group has produced 
two IEEE-approved proposals: 802.1Qbg 
and 802.1Qbh. 

With this effort, the group has pro- 
posed a mechanism using Edge Virtual 
Bridging, Virtual Station Interface, and 
Automated Migration of Port Profiles to 
discover VMs on the network and 
enforce policies as VMs appear or 
migrate across the network. In addition, 
the proposals present Virtual Edge 
Bridge and Virtual Ethernet Port Ag- 
gregator to enable per-VM switching, 
Tuchler says. 

These proposals are important because 
virtualization workloads come with their 
own sets of network-centric policy 
requirements, such as bandwidth, QoS, 
or security and isolation, he adds. For 
example, some VMs may have extensive 
QoS requirements and bandwidth, while 
others might not. Sharing the same phys- 
ical port on the edge switch means net- 
work administrators cannot provide the 
needed differentiation on a per-port 
basis, so network switches must now 
expose policy configuration at the virtual 
port level, with a virtual port attached to 
a virtual workload. In summary, Tuch- 
ler says, administrators need a way to 
track and monitor VM movement in the 
data center. 



A Little History 

The Internet Engineering Task Force uses 
Requests for Comments, or RFCs, to de- 
scribe methods, behaviors, or innovations 
in the field of Internet connectivity. RFC 1 , 
titled "Host Software" and authored by 
UCLA's Steve Crocker, was published on 
April 7, 1969, and began to establish the 
protocols defining how information is defined 
and distributed throughout the Internet. In 
1973, work began on the development of 
what would eventually become TCP/IP, 
the main protocol used for Internet and net- 
work communications. 
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BUYING GUIDE 




by Seth Colaner 



Because data represents, at 
its essence, the heart of any 
company, acquiring the right 
data backup hardware, software, 
and services is crucial to a busi- 
ness' current and future success. 
Here are some issues to consider 
when you're in the market for a 
data backup solution. 

Cost. When making a capital 
purchase, you need to ensure that 
the products will meet your current 
needs as well as your future ones. 
For example, Ben Ginster, channel 
marketing manager for Idealstor 
(www.idealstor.com), suggests that 
you should be able to simply pur- 
chase higher-capacity disks when your 
business grows instead of having to com- 
pletely revamp your storage infrastructure. 
If you're considering using a cloud ven- 
dor, look for flexibility and expandability 
in their program offerings and bear in 



Buying Tips: 

Data 
Backup 

Buveis' Checklist 



Kiorost You should be able to 
^ Reasonable cost Yo ^^^^^^^ 

as fast as possible, 
availability and expertise. 

ing as little data as possible. 



mind the costs associated 
with scaling up. 

Additionally, look for technologies that 
result in reduced costs, such as data reduc- 
tion, which limits redundant data and 
helps SMEs avoid paying for extra storage 
capacity they don't need. 



Shopping for a vendor. Because you're 
effectively trusting a vendor with your com- 
pany' s sensitive and mission-critical data, 
security and trust are paramount. Hardware 
must have a reputation for reliability, and 
software needs to be as free from vulnera- 
bilities as possible to avoid exploits by 
cybercriminals and costly crashes. The com- 
panies that sell those products need to be 
able to quickly and completely respond to 
any issues that arise, too. 

Adrian Herrera, director of market- 
ing for Nirvanix (www.nirvanix.com), 
advocates looking for a service pro- 
vider that is transparent regarding its 
practices and has cleared security 
measures such as a security audit by a 
third party and SAS 70 type II certifi- 
cation. Any SLAs (service-level 
agreements) should be thoroughly 
reviewed before you sign them. 

Ease of use. If your data backup 
solution requires a system adminis- 
trator or an individual with a high 
degree of network expertise to per- 
form tasks that could be automat- 
ed, simplified, or performed by an 
employee with less experience, 
you'll be wasting money and the 
time of an employee who could 
be doing other more expertise- 
appropriate tasks. 

Jeff Rector, director of marketing at 
Quantum (www.quantum.com), suggests 
looking for solutions with setup wizards 
and other administrative software that the 
average user can install, configure, and use 
to troubleshoot. Also, be sure that you're 
able to access your archives quickly, that a 



technology or vendor offers backward com- 
patibility, and that speed is optimized. 

Technical support. Everything breaks 
eventually, and when it's your data backup 
solution, you need to fix the issue and get 
back online as soon as possible. Look for a 
vendor with 24/7 customer support; a high 
level of technical expertise from support 
personnel is a must. 

Eric Burgener, senior vice president of 
marketing at InMage (www.inmage.com), 
suggests looking in the fine print for an 
RTO (recovery time objective, or how 
long it takes your system to recover) of as 
close to zero as possible. Also examine the 
RPO (recovery point objective), which is a 
measurement of how much data loss is tol- 
erable during an issue resolution. For 
example, can your company survive for 30 
minutes of downtime without any serious- 
ly adverse affects, or would even 10 min- 
utes spell disaster? 

You should also be able to access a 
vendor's technical support as quickly as 
possible, and the vendor should have a 
technician to you (if needed) in the short- 
est time possible. Q 



Key Terms 



SAS 70 type II certification. An industry 
standard that is awarded to vendors or 
service providers tinat adhere to certain 
criteria to ensure security and control. 

Service-level agreement. An SLA is a 

document that defines the terms of service 
between a customer and a service provider. 
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Arkeia Software vStorage 
Backup Agent For VMware 

arkeia 

SOFTWARG 



Arkeia's vStorage Backup Agent offers comprehensive 
backup and recovery support for VMware vSphere 4 
platforms, including vCenter, ESX, and ESXi, and fea- 
tures proxy-free virtual machine backup. A Web-based 
user interface manages backups of both physical and 
virtual environments to disk, tape, or disk-to-disk-to-tape. 

• Block-grain incremental image-level backups use 
VMware Changed Block Tracking for reduced storage 
needs and faster backups due to reduced network traffic 

• vCenter is integrated for simplified management of 
backup and recovery operations for environments with 
multiple physical hosts 

• Only one package to install 

• Can be installed on an Arkeia backup server for single- 
computer deployment 

Best For: Sites with one or more vSphere hyper- 
visors with vStorage that want fast, easy-to-use, 
affordable backup. 

Price: Starts at $1 ,500 per VMware vSphere hypen/isor 



Axcient Complete Data 
Protection Platform 




Axcient's Complete Data Protection platform delivers 
all-in-one data protection by combining heterogeneous 
servers into one offering from a single vendor. The 
platform features data backup, business continuity, 
and disaster recovery designed to be easy to use for 
SMEs. Data and server images are stored at Axcient's 
SAS 70 ll-certified data center, which can be accessed 
easily. With just a click, users can restore data or run a 
failed server directly on the Axcient appliance until a 
replacement is found. 

• Hybrid platform, with a local appliance for speed and 
offsite replication for safety 

• Failover option to the Axcient appliance 

• Agentless; no software install 

• Integrated with popular remote monitoring platforms 

• No hardware to purchase 

Best For: Data backup, disaster recovery, and business 
continuity with full data protection for laptops, desktops, 
and sen/ers. 



CommVaultSlmpanaS 




CommVault Simpana 8 eliminates the need for a myriad 
of disparate point-level products; reduces costs; and is 
inherently flexible, efficient, scalable, and adaptable. 
Simpana software employs licensable modules for 
Backup, Archive, Replication, Resource Management, 
and Search. Designed to give users an integrated data 
management system, all modules are built into the 
Simpana common platform. 

• Embedded Global Deduplication across tiers of storage 

• Recovery Management for single files, entire sen/ers, 
or entire sites 

• Consolidated protection across the virtual infrastructure 

• E-discovery and compliance needs are proactively 
addressed 

• Data protection can be easily extended to include 
local or remote laptops and desktop systems. 

Best For: Companies that want to reduce their storage 
hardware requirements and save costs. 



Nirvanix Storage Delivery 
Network 



^ nirvanix' 



Nirvanix Storage Delivery Network 

The Piemiar£nlerprisa Cloud Storage Service 






S1or«. Simp[ify. Save. 





The Storage Delivery Network, or SDN, from Nin/anix is 
a fully managed enterprise cloud storage service. The 
SDN is powered by a global network of storage nodes 
that is designed to intelligently store, deliver, and process 
requests in the best network location for maximum perfor- 
mance and enables policy-based file replication to opti- 
mize data protection and streamlined collaboration. The 
Nin/anix Management Portal offers Web-based manage- 
ment with immediate insight and control over Nin/anix 
account usage. Customers can choose from immediate 
access via CloudNAS, a software-based gateway to the 
SDN; develop to a robust API; or leverage backup and 
archiving software from partners. 

• Automatic intrusion detection and monitoring 

• Customizable policy-based geo-replication for storing 
multiple copies of data 

• High-performance global network 

• Robust encryption support for data uploads 

Best For: Offsite data protection, backup, and archiving. 



Quantum DXi4500 




Quantum's DXi4500 appliances are turnkey solutions 
that can be deployed seamlessly with all leading backup 
software using a simple NAS interface. They are de- 
signed for rapid, seamless integration and maximum 
client performance without changes to existing backup 
architectures or potentially disruptive media server 
upgrades, unlike software-based deduplication. Each 
DXi4500 model includes support for remote replication, 
virtual environments, and Symantec's OpenStorage 
interface as standard features. 

• Data deduplication in an easily shared NAS device 

• Two preconfigured models with 2.2TB or 4.4TB 
usable capacity 

• Reduces typical disk capacity needs by 90% or more 
through deduplication 

Best For: SMEs and branch offices in distributed sites 
that are seeking an affordable disaster recovery solution. 

Price: Starts at $12,500 



Quantum Scalar 140/180 



Salar.40 ^ — _ # 



Quantum's Scalar 140/180 are intelligent tape libraries for 
small and medium-sized companies and remote office 
environments of larger enterprises that are looking to 
save time and money spent on storage management. 
With embedded ILayer technology, the i40 and 180 pro- 
vide users with simpler tape management, fewer service 
calls, and market-leading investment protection through 
capacity-on-demand scalability. 

• Simplifies everything from initial setup and ongoing 
management to adding capacity over time 

• Reduce library management time by 50% 

• The 140 scales from 25 to 40 slots, and the i80 scales 
from 50 to 80 slots with a software license 

Best For: SMEs and remote office environments. 

Price: 140 starts at $7,500; 180 starts at $9,400 



Price: Starts at 25 cents per gigabyte per month for 
offsite RAID 6 storage 
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Processofs Product Spotlight fiigtilights options available in key data center product categories, providing product information side-by-side for easy comparison. 

Compiled by Seth Colaner 



Idealstor Bantam 




The Idealstor Bantam is a removable disk backup sys- 
tem designed to combine the best of disk and tape by 
using 2.5-inch SATA disks as backup media, which can 
then be sent offsite for storage and disaster recovery. 
The Bantam is priced for SIVIE budgets but has features 
that meet the needs of larger enterprises, as well. The 
system features data transfer rates of up to 480MBps 
and is bundled with iBac Data Protection Software 
from Idealstor. 

• Complete backup system offering up to 1TB of remov- 
able disk capacity 

• Disk capacities of 320GB, 500GB, 750GB, and 1TB 
currently available 

• Includes iBac 5.0 for native format backup and drag- 
and-drop restore with data deduplication 

• Bantam cartridges are housed in a rugged aluminum 
frame and are shock-proofed 

Best For: Replacing tape backup with a faster, larger, 
and more reliable backup media. 

Price: $299 for docking station with 320GB cartridge 

I 



InMage Software 




InMage 



The InMage product is an application and data recovery 
platform that supports remote disaster recovery, local 
backup elimination, and application failover/failback at both 
remote and local sites. InMage includes OX software, 
which runs on any Intel-based platform, and data taps, 
which are filter drivers installed on servers that you want to 
protect. InMage is designed to eliminate backup as a dis- 
crete operation that impacts production servers while inte- 
grating seamlessly with existing backup infrastructures. 

• Captures data to real time with hybrid recovery 
technology 

• Remote or local automated application services recovery 

• Application-aware solutions, managed centrally from 
a Web browser-based management console 

• Heterogeneous servers and storage 

• Leverages cost-effective IP-based networks for data 
capture and replication 

Best For: SMEs that want disk-based data protection to 
eliminate backups and provide application-aware recovery. 

Price: Appliance starts at $5,000; data taps between 
$1 ,500 and $4,000 (one per server) 



Nasuni Filer 



@fiier 













The Nasuni Filer is a virtual NAS appliance that offers 
traditional NAS capabilities via the cloud. The Filer is 
designed to make file access, storage, and protection 
easy and inexpensive by removing costs associated with 
hardware. Features include the ability to monitor cache, 
manage volumes and performance, and set file protec- 
tions, as well as support for Active Directory, file encryp- 
tion, deduplication, and synchronous snapshots. 

• Simple to set up and use 

• Ability to choose from a variety of different cloud 
providers, including Amazon Web Services and 
RackSpace Cloud 

• Easily scalable 

• Can be configured for primary or secondary storage 

Best For: Leveraging the cloud to store and protect 
the expanding file volumes offsite while retaining the 
local performance and functionality of an advanced 
NAS appliance. 

Price: $300 month to month; $250 with one-year prepay; 
$200 with two-year prepay 



Spectra Logic Midrange 
T-SeriesTape Libraries 




The Spectra Logic T-series of tape libraries includes 
the Spectra T200, T380, and T680, which are designed 
with scalability in mind. Built on the company's Tran- 
Scale architecture, the tape libraries feature inter- 
changeable components that make scaling up easier. 
With up to 2PB of storage capacity, the tape libraries 
also feature free encryption key management; media, 
drive, and library health monitoring; and partitioning 
and remote management. 

• Management via Web browser for easy operation 

• Built-in BlueScale 256-bit AES encryption and 
key management 

• Monitors its own drives, power supplies, controller, 
and robotics 

• Media Lifecycle Management and Certified Media 
tools detect media errors before they happen 

Best For: Midrange data centers. 



Spectra Logic T50e 
Tape Library 




The Spectra T50e tape library now features 30 to 150TB 
of storage (thanks to LTO-5 tape storage technology) in 
a 4U rackmount system and supports transfer rates of up 
to 280MBps. Designed to offer enterprise-class features 
to the SME market, the T50e runs the BlueScale man- 
agement interface and features free encryption key man- 
agement; partitioning and remote management; and 
media, drive, and library health monitoring. 

• Management via Web browser for easy operation 

• Built-in BlueScale 256-bit AES encryption and 
key management 

• Monitors its own drives, power supplies, controller, 
and robotics 

• Media Lifecycle Management and Certified Media 
tools detect media errors before they happen 

Best For: SMEs and remote offices. 



TOLIS Group bruAPP 




The bruAPP™ backup appliance resolves the issues of 
configuration, installation, and compatibility faced when 
implementing a networked system backup strategy. 
Proven reliability, cost-effectiveness, scalability, and 
client system software agents available for all modern 
operating systems are delivered without the requirement 
for heavily experienced system/network administrative 
personnel. Tightly integrated hardware components, and 
the venerable BRU™ software, provide backup and 
restore services independent of any server on the net- 
work. 1 U to 7U models are available to provide: D2T, 
D2D, and D2D2T operations; up to 28TB of net RAID 
disk stage capacity (RAID 5 + hot spare); and internal 
tape technology up to eight drives and 96 slots. 

• Enterprise-grade client/server backup services 

• Windows, Linux, and Mac OS X management 
consoles 

• Plug-and-play installation and intuitive operation 

• Totally self-contained using server-grade components 

Price: Starts at $2,899 



Contact: (480) 505-0488 I www.tolisgroup.com 
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Report: Web 2.0 
Can Hurt Your 
Security Posture 

Employees love how Web 2.0 technology and 
applications let them connect and collaborate 
in the workplace; IT managers and staff do 
not love how Web 2.0 technology affects their 
security posture. 

A recent study from the Ponemon Institute 
found that 52% of end users rarely or never 
consider security issues in their daily busi- 
ness communications. According to Mike 
Spinney, senior privacy analyst at the 
Ponemon Institute, "When employees start to 
bring downloadable Web 2.0 technology in 
the enterprise mix, they undermine the strate- 
gy that IT has put in place to monitor and 
control sensitive information." 




Of the 2,100 IT employees who responded to 
the survey, 35% say that Web 2.0 applica- 
tions have a "very significant impact" on the 
organization's security posture. All but 13% 
indicate that Web 2.0 interferes at some level 
with security posture. "The problem isn't that 
employees don't know about the company's 
no-download policy for unauthorized soft- 
ware, but rather, they see the security policy 
as unrealistic because of the efficiency and 
functionality of the Web 2.0 technology," 
Spinney says. In the survey, 70% of IT 
employees from U.S. -based corporations say 
that their organizations do not allocate suffi- 
cient resources to secure and protect critical 
Web site applications. 

Unclear On Responsibility 

The Ponemon study also found that IT employ- 
ees are unclear about who should be held 
responsible for the safe use of Internet applica- 
tions. In the United States, UK, and Australia, 
more than half of the respondents say that end 
users should be responsible. In France, most 
think that human resources, followed by infor- 
mation security, should take the responsibility. 
In Japan, legal and corporate IT are viewed as 
being the most responsible parties. 

Sun/ey respondents say the top four threats 
from insecure Web 2.0 use are workplace inef- 
ficiencies, malware, data loss, and viruses. A 
separate study by Ponemon Institute examin- 
ing the costs of a data breach found that insid- 
er negligence is a major cause of data loss. 
When it comes to better protecting your enter- 
prise, "Human error is a constant and consis- 
tent cause for data breach, and if you start to 
make people aware, you can make a huge 
improvement in your overall security posture 
without spending money on new products and 
technologies," Spinney says. 

"It's not enough just to say don't do it, 
because people are going to use these Web 
2.0 technologies if they don't see logic with 
the policies you put in place. You need to 
make sure they know how unauthorized 
downloads put the security of your organiza- 
tion at risk," Spinney says. 

by Nathan Lake 



Security Risks 

Limiting The Possibilities & Preventing Legal Liabilities 



by Chris A. MacKinnon 

Data center and IT managers have 
enough on their plates without having to be 
concerned with the potential for legal liabili- 
ties in the enterprise. But a high percentage 
of business is done over the Internet and 
intranets, so the potential for downloading 
copyrighted material, accessing question- 
able content, and performing other unlawful 
activities is high. Although companywide 
policies prevent and control some of these 
events, data center and IT managers can 
take other pertinent steps to limit these pos- 
sibilities and prevent them from happening 
in the first place. 

The Risks 

Steve Schlarman, eGRC solution manag- 
er with RSA (www.rsa.com), the security 
division of EMC, says a multitude of legal 
liability issues can arise from the electronic 
world when you look at copyrighted materi- 
al, inappropriate usage of systems, and other 
such items. Schlarman says possible liabili- 
ty issues include violating copyrights and 
creating a hostile workplace. "Electronic 
media presents some interesting nuances to 



Key Points 



To help prevent legal liabilities, compa- 
nies should implement policy programs 
designed to support accountability and 
the effective communication of policy 
and procedures. 

One of the best ways to protect your com- 
pany from legal liabilities is by creating 
communication between IT and the 
department that sets the policies. 

When preparing for prevention, take a 
look at the litigation process from start 
to finish. Ask yourself: "How can we pre- 
vent something bad from happening, as 
well as what happens if something bad 
does happen?" 



policy means practically for their depart- 
ment," she says. "The best-case scenario is 
when IT and the legal department work 
together to develop the policies in light of 
the needs of the business. IT input is invalu- 
able to the legal department in setting the 
policies, identifying areas of vulnerability, 
and implementing the policy." I 



She explains, "With the first ramification, 
you can be sued by your customers, your 
employees, and even people you just 
have data on. Usually, you're looking at 
money damages when the suit is settled 
(as most are) or finally litigated. What 
you typically don't account for is the liter- 
ally hundreds of hours your department 
will spend in searching your archives to 
comply with discovery." 

The second ramification, Rogan says, 
can be in the form of a civil suit (money 
damages) or a criminal prosecution (possi- 
bility of jail sentences). In either scenario, 
she says your company will likely face 
fines and countless hours of distraction. 
The bottom line, she says, "is both types 
of legal ramifications involve a lot of time 
and money that is spent on activities that 
are not related to the company's core busi- 
ness. Negative publicity and customer 
reactions can magnify the impact of the 
legal ramifications." 

According to Schlarman, a company 
needs to take a look at the litigation process 
from start to finish when preparing for pre- 
vention. "They need to ask themselves, 
'How can we prevent something bad from 



"Electronic media presents some interesting nuances 

to potential legal liability issues An inappropriate email 

or unlicensed software can go Viral' at the speed of electrons." 



- RSA's Steve Schlarman 

potential legal liability issues. The speed 
upon which violations can spread is much 
faster than in the 'real world.' An inappro- 
priate email or unlicensed software can go 
'viral' at the speed of electrons," he says. 

Barbara Rogan, chief legal counsel with 
LogLogic (www.loglogic.com), says com- 
panies also face risks beyond P2P networks, 
pornographic downloads, and offensive 
jokes. Rogan notes, "Privacy laws, includ- 
ing GLB, HIPAA, and HITECH, not to 
mention state laws like the Massachusetts 
Data Privacy Law (which just went into 
effect this year), are a potential risk for 
companies. It's no longer one-size-fits-all 
when it comes to limiting your risks." 

The Steps 

According to Vidya Phalke, CTO at 
MetricStream (www.metricstream.com), 
at the very least, companies should imple- 
ment policy programs designed to support 
accountability and the communication of 
policy and procedures. He explains, "They 
should have role-based publications, 
awareness, and acceptance programs as 
well as training. These should be support- 
ed by monitoring and documenting com- 
pliance through periodic audits, surveys, 
and self-assessments. Formal surveys, cer- 
tifications, and audits should be executed 
to affirm awareness, and the commitment 
to follow policies and procedures should 
be documented." 

The first and most important way to pro- 
tect your company, Rogan says, is commu- 
nication between IT and the department that 
sets the policies, which is typically the legal 
department. "IT must understand what the 
policies say and what implementation of the 



I 



From a pure technology perspective, 
Schlarman says the obvious candidates 
(firewalls, content filtering technologies, 
antivirus systems, and configuration man- 
agement systems) are all part of the solu- 
tion. "These systems will hopefully help 
prevent the issue from arising in the first 
place. But the ability to track what hap- 
pened is also part of the solution," he 
says. "SIEM (security information and 
event management) systems can help 
piece together what happened during any 
violations. In addition, solutions that help 
manage the storage of data, whether it is 
backup systems or technologies like data 
loss prevention tools, can also help keep 
tabs on where data is [and] what is being 
used and deal with retention periods to 
clean up old data." I 

Eric Skinner, CTO at Entrust (www 
.entrust.com), says it is possible to monitor 
for inappropriate content, both on Individ- I 
ual computers and at gateway points 
where traffic is flowing in and out. "Keep 
in mind," Skinner says, "that while moni- | 
toring for inappropriate activity, IT can 
also spot malicious or inadvertent data 
breaches, including those being caused by 
malware botnets." He says given the rise 
in mobile connectivity options such as 3G 
modems on laptops or high-speed Internet I 
capabilities on mobile devices, it is 
increasingly difficult to rely on network 
gateway monitoring, and more must be 
done on endpoint devices themselves. 

The Prevention | 

Rogan says the legal ramifications gener- 
ally fall into two buckets: lawsuits by private 
entities and lawsuits by the government. I 



happening, as well as what happens if some- 
thing bad does happen?,'" he says. 

Rogan says it is difficult to give one-size- 
fits-all advice because the nature of each 
company's business is so varied. But, she 
says, "If you're in a business that collects 
consumer data, caters to children, or oper- 
ates internationally, your company should 
invest in getting specialized advice as to the 
nature of the risk your company faces." Q 



Simple Steps 

According to Bill Roth, chief marketing officer 
at LogLogic (www.loglogic.com), organiza- 
tions can take the following steps to limit the 
liabilities on their network: 

• Track what your key personnel are doing. 
Insiders are the greatest source of data 
loss in an organization. 

• Have a password policy for your user 
logins, with rotation and password 
standards. 

• Do not use default passwords on network 
devices. 

• Follow IT security regimes such as 
ISO27001 that provide both processes and 
practices for building secure environments. 

• Take up best practices from wherever you 
see them: customers, partners, vendors, 
or competitors. 

• You will be hacked, and when you have 
been hacked, you can limit the damage by 
using a good forensics tool to learn how 
you were. 
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Defeating 

Combined 
Attacks 

Is Your SME Prepared For New Cyber Attacks? 



by Elizabeth Millard 

Cybercriminals and security vendors 
have always been locked in a seemingly 
endless battle to outwit each other, but 
new strategies employed by digital mis- 
creants might present whole new chal- 
lenges ahead. 

A recently released report from M86 
Security Labs (www.m86security.com) 
notes that cybercriminals are changing 
their tactics and moving toward combined 
attacks, which utilize ActionScript and 
JavaScript to thwart most of the proactive 
detection mechanisms available. 

The practice of code obfuscation in 
cyber attacks isn't new, the report points 
out — for several years, attackers have 
used the technique to bypass tradi- 
tional detection in security products. 
Fortunately, improvements by security 
vendors, such as real-time code analysis, 
have made simple code obfuscation tech- 
niques outdated, the report states, adding 
that in order to stay ahead of the security 
professionals, attackers have needed to 
find new ways to combat the new detec- 
tion mechanisms. 

Over the past few months, M86 re- 
searchers have observed the new tech- 
nique of code obfuscation, which comes as 
a combined attack with ActionScript — the 
scripting language built into Adobe's 
Flash — along with JavaScript, which can 
interface with ActionScript. 

Essentially, attackers can produce a 
two-way communication between Flash 
and JavaScript. In order to deobfuscate 
and analyze code, the full code is required, 
which means ActionScript and JavaScript 



Key Points 



• Cybercriminals have begun to craft 
attacl<s using botli ActionScript and 
JavaScript, and these threats tend to get 
around standard defense mechanisms. 

• Even if an enterprise's Web site doesn't 
contain credit card information, special 
efforts should be made to beef up security 
because the site can be used to access 
other corporate data. 

• Proactive security controls and strong 
Web security strategies should be 
employed to minimize the threat from 
combined attacks. 



Bradley Anstis, M86's vice president of 
technology strategy. 

"Traditional obfuscation methods have 
been around for quite some time, so secu- 
rity products have managed to find ways 
to deal with these types of subversive 
methods that bypass traditional security 
controls," he says. "Therefore, it's natural 
that combined attacks in the wild would 
evolve and this is an example of what 
we've seen." 

Although this is part of the security cat- 
and-mouse game in some ways, it's also a 
more serious situation than the usual, 
ongoing threats. 

Enterprises should be very concerned, 
Anstis says, because these types of attacks 
rely on an interface that is part of the 
Adobe Flash ActionScript language. 
Because Flash has a large install base, and 
is readily deployed across the Web in ad 
banners, navigation, and video players, it's 



"Proactive security controls are defined 
as a method that can detect 
a malicious attack without needing 
to have seen the attack before." 



■ M86's Bradley Anstis 



code must be analyzed together. The 
report notes: "Having only one part of the 
system is insufficient for the correct analy- 
sis. Dividing the function between the two 
types of script hinders most of the new, 
proactive detection mechanisms." 

Security Landscape 

The fact that combined attacks are 
becoming more prevalent has more to do 
with the current landscape than it does 
with security products, according to 



already become a common target for 
attacks. He says, "This is just another way 
to take advantage, and it does so in a way 
that looks harmless." 

From an attacker's point of view, there's 
great appeal to targeting the Web browser, 
adds Michael Shema, security research 
engineer at Qualys (www.qualys.com), a 
firm specializing in vulnerability manage- 
ment and policy compliance. 

"Browsers, and the sites people visit 
with browsers, contain lots of valuable I 



data," says Shema. "An attack that 
requires only JavaScript — such as cross- 
site scripting — will run in any browser 
regardless of operating system or version. 
Or, if an attacker can inject a link to a mal- 
ware site, then users' desktops can be 
compromised. In both cases, the attacker 
only needs to wait for victims to come 
across the booby-trapped Web page." 

Finding Protection 

In terms of putting security safeguards 
in place, Shema suggests that enterprises 
take a closer look at their Web site securi- 
ty in addition to their network perimeter. 

He notes that even if a site doesn't 
have a database backend with credit card 
information, a compromised site could 
be used to distribute malware, execute 
malicious JavaScript, or launch convinc- 
ing phishing attacks against its visitors. 
He says, "Businesses can improve their 
Web security by auditing source code, 
scanning the site for vulnerabilities, 
and continuously monitoring it for signs 
of compromise." 

Today's threats are of a dynamic 
nature, M86's Anstis adds, so it's imper- 
ative that enterprises review their current 
security solutions and ensure that they 
provide proactive controls in order to 
deal with these types of new and emerg- 
ing threats. 

"Proactive security controls are de- 
fined as a method that can detect a mali- 
cious attack without needing to have 
seen the attack before," says Anstis. 
"Reactive controls such as AV signa- 
tures, URL filtering, etc., are all based 
on previously known information and 
therefore have to have seen an attack 
before they can react to it." Proactive 
controls are able to scan Web content as 
it's being accessed by the user and deter- 
mine if there's any malicious intent from 
the data being downloaded. 

Currently, AV solutions are catching 
less than half of emerging attacks because 
of the volume of attacks and the increas- 
ingly dynamic nature of malware, Anstis 
states: "Proactive controls are designed to 
close this gap and this is why we recom- 
mend organizations look to layer historic 
reactive controls with innovative proac- 
tive technology." B 

Top Prevention Tips 

In its security report, M86 Security Labs 
issued some general recommendations for 
thwarting combined attacks: 

• Re-evaluate the security products used 
in the organization and by employees at 
home and ask vendors about what they 
do to detect and block these threats. 

• Teach users about best practices for 
their everyday Internet usage. For 
example, give them a "phishing test" in 
which they try to determine whether a 
site is real or false. 

• Keep Web browsers, add-ons/exten- 
sions, and desktop applications up- 
to-date with their latest versions, 
because attacks often target vulnerabili- 
ties found in older versions of Web 
browsers and applications. 

• Consider using browser add-ons and 
extensions to add an additional layer 
of security. 

• Review and familiarize yourself with pri- 
vacy settings, particularty the settings 
on the various social networks utilized 
by employees. 



Report: United States 
Faces Cybersecurlty 
Credibility Challenges 

As the Internet continues to grow and perme- 
ate virtually every aspect of government and 
business, the potential fallout from cyber 
attacks grows larger. As the scope of the risk 
Increases, cybersecurity becomes more cru- 
cial than ever. President Barack Obama, for 
his part, has made cybersecurity a priority for 
the U.S. government and has appointed a 
national cybersecurity 
coordinator to organize 
the cybersecurity ^-^SSki 
leadership. ^ 




However, 
according to 
a report by the 
GAO (Government Accountability Office), the 
United States has a ways to go before con- 
vincing other countries of its cybersecurity 
plan. The report indicates that there are too 
many U.S. governmental agencies and pri- 
vate sector entities involved, there is a lack of 
standards, and the U.S. cybersecurity plan 
needs clearer goals and objectives. 

There are a number of different agencies 
overseeing the nation's cybersecurity, Includ- 
ing the Departments of Commerce, Defense, 
Homeland Security, Justice, and State. 
These agencies are tasked with, among other 
things, developing international standards 
and policies for cybersecurity, assisting for- 
eign law enforcement with related investiga- 
tions, and representing the United States in 
International cybersecurity discussions, with 
different agencies filling different roles. 

In the private sector, groups of experts with 
no decision-making capabilities, private orga- 
nizations, and groups with more decision- 
making leeway such as the International 
Standards Organization are also involved. 

Improving Cybersecurity 

The GAO report offers several recommenda- 
tions for boosting the United States' interna- 
tional cybersecurity credibility. 

For starters, the federal cybersecurity coordi- 
nator should identify changes that need to be 
made and make those clear to the appropri- 
ate agencies to help focus the national cyber- 
space policy. 

The GAO recommends that the cybersecuri- 
ty coordinator work with the various federal 
agencies involved with cybersecurity to 
make clear goals, objectives, and tasks with 
performance metrics and timetables; work 
on technical standards; and develop ways to 
enforce U.S. laws. The report further sug- 
gests that the cybersecurity coordinator 
should collaborate with government and pri- 
vate sector entities to ensure all parties are 
engaged in the cybersecurity discussion and 
associated efforts. 

The fourth and fifth recommendations center 
around working with all involved federal 
agencies and international groups to create 
global cyber incident responses and indentify 
global cyber norms that are consistent with 
the country's national security interests and 
International cyberspace interests. 

According to the report, the federal cyberse- 
curity coordinator agrees with the GAO's 
assessments and is already working toward 
those goals. 

by Seth Colaner 
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Study Shows 
Data Retention 
Policies Often 
Are Not In Place 

Many organizations aren't implementing an 
information retention plan, even though they 
recognize its value. Symantec's 2010 In- 
formation Management Health Check Sur- 
vey showed that 87% of respondents think 
having a formal information retention plan 
is important, but just 46% of respondents 
have one in place. Additionally, respon- 
dents say 25% of their backed up data is 
being stored unnecessarily. 




Sean Regan, director of product marketing 
in Symantec's Information Management 
Group, says companies are keeping an 
increasing amount of unnecessary data 
because they either have no policy or fail to 
enforce what their written information man- 
agement policies dictate. Examples include 
the use of PST/NSF files and use of the 
backup environment to meet legal hold 
obligations, he says. 

True Definition Of Archiving 

"Infinite retention is infinite waste," Regan 
says. "Few companies fully understand the 
true definition of archiving and fail to apply 
deletion policies when they store information. 
This is a difficult process without an automat- 
ed solution. This means that companies store 
everything forever, and as a result, backup 
windows become unrealistic, storage begins 
to consume more than its fair share of the IT 
budget, and it makes efficient electronic dis- 
covery nearly impossible." 

The study, which includes responses from 
1,680 senior IT and legal professionals 
from around the globe, shows that compa- 
nies that retain data unnecessarily face 
overpaying for data storage, and organiza- 
tions that lack a retention policy could 
spend excess time and money reviewing 
data. Also, with large amounts of data on 
backup tapes, e-discovery has become 
more difficult and expensive. 

"Backup is designed for recovery," Regan 
says. "Information that needs to be retained 
and available for end users over a longer 
term should be retained in an archive." 
In addition to establishing an information 
retention policy, the study covers other rec- 
ommendations for organizations, such as 
keeping just a few weeks of backup and then 
purging or archiving the data after that. 
Organizations should also use backup only 
for short-term storage and disaster recovery 
and choose which files to archive or delete 
for long-term storage. 

Companies should use deduplication within 
applications and a backup environment, as 
well as a comprehensive archive system that 
will simplify discovery. In addition, data loss 
prevention technologies can help reduce 
risks. These practices will help companies 
better control their data and avoid unneces- 
sary costs, Symantec says. 

by Tessa Warner Breneman 
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A "NAC 
For Security 

Scalable Solution From InfoExpress 
Simplifies Network Access Control 



by Joseph Pasquini 

Safeguarding the corporate network 
from threats is a pivotal task for any busi- 
ness. Traditional methods such as firewalls 
and intrusion prevention systems do help to 
mitigate the risks, but the deployment and 
administration of such tools are characteris- 
tically dissimilar in both design and execu- 
tion. In addition, these types of solutions 
only serve to protect against threats originat- 
ing from outside the network; they do noth- 
ing to keep unwanted people off of the 
internal network in the first place. 



tools now known as network access con- 
trol," says Stacey Lum, InfoExpress' CEO, 
CTO, and co-founder. "As a pioneer in de- 
ploying the first NAC products on the mar- 
ket, InfoExpress was the first to recognize 
the issues with deploying the technology." 

One Name, Multiple Personas 

Several flavors of the CyberGatekeeper 
platform are available, each offering the 
ability to block network access in specific 
ways. InfoExpress' CyberGatekeeper lineup 
consists of the CyberGatekeeper Server 
appliance, the CyberGatekeeper Remote 




Noncompliant, infected, or otherwise 
improperly configured computing systems 
not only pose serious security risks to the 
corporate landscape, but such faults can ulti- 
mately lead to unforeseen financial strains 
resulting from reduced bandwidth, system 
outages, and data loss. The simple fact is 
that even a solitary infected host attached to 
the wire can swiftly wreak havoc and make 
life very frantic in a real hurry. 

So, what is the answer? One approach is 
network access control, or NAC. When 
used in conjunction with traditional perime- 
ter technologies as part of a layered security 
model, NAC solutions allow companies to 
comprehensively enforce access pohcies for 
end-user workstations, laptops, and smart- 
phones. Only trusted nodes meeting the 
requirements of defined centralized policies, 
which usually include minimum OS patch 
and anti-malware protection levels, are 
allowed access to network resources. As a 
result, untrusted nodes are quarantined and 
kept at bay until remediation efforts bring 
the offending system back into conformity. 

InfoExpress (www.infoexpress.com) has 
established itself as a strong presence within 
the NAC market segment. With a history of 
pioneering enterprise network security solu- 
tions dating back to 1996, InfoExpress 
prides itself on having brought the indus- 
try's earliest NAC solution to fruition. 
Known collectively as CyberGatekeeper, 
this solution has since matured over the 
years into a family of interrelated scalable 
products designed to protect enterprise net- 
works and ensure compliance with estab- 
lished security policies. Taken as a whole, 
CyberGatekeeper accomplishes this protec- 
tion by auditing all end points prior to grant- 
ing access to the network; devices not in 
compliance are prohibited from the net- 
work. Automatic as well as interactive 
remediation of unhealthy workstations is 
also provided. 

"More than 10 years ago, InfoExpress 
was the first company to implement the 



appliance, and Dynamic NAC for Win- 
dows. "CyberGatekeeper provides all the 
key components of NAC, including identi- 
ty-based access, auditing, policy creation 
and management, remediation, and restrict- 
ing access to unauthorized end points," 
Lum says. 

CyberGatekeeper Server, InfoExpress' 
core product offering, leverages hardware 
and software components to ensure that an 
organization's endpoint nodes are compliant 



infoexpress 



with baseline security and application 
requirements. Available in both lU (CGS- 
1000) and 2U (CGS-2000) models, the 
rack-mountable CyberGatekeeper Server 
appliance offers centralized security policy 
management as well as continuous monitor- 
ing and enforcement of deployed software 
agents on Windows, Mac, and Linux work- 
stations. Dynamic Web agents for Firefox 
or Internet Explorer provide for guest access 
to the network. When necessary, adminis- 
trators may also grant access to specific net- 
work end points lacking an installed agent. 
A maximum of 10,000 concurrent audit ses- 
sions are supported. 

Network access control methods include 
802. Ix, inline, interfaces to most SSL 
VPNs, Cisco NAC, and InfoExpress' 
own Dynamic NAC deployment models. 
InfoExpress also offers modules that pro- 
vide direct interfaces to vendor-specific net- 
work equipment, including switches, 
WLAN controllers, and DHCP servers. 
"Because these interfaces were designed 
specifically with NAC in mind, they 
provide organizations with robust NAC 
capabilities that leverage vendor-specific 
equipment," Lum adds. 

Also a hardware appliance, CyberGate- 
keeper Remote is an inline-only version 



of the CyberGatekeeper Server targeted 
primarily toward the protection of remote 
access VPNs. The CyberGatekeeper 
Remote solution is typically installed 
between a network access device such as 
a VPN concentrator and an organization's 
protected network. 

"Customers with WLANs, LANs, and 
remote access VPNs rely on CyberGate- 
keeper to mitigate the risks of mixing 
mobile, unmanaged, and managed end 
points on the same network," Lum says. 
"This translates into reduced costs for reme- 
diation and incident response because unau- 
thorized and noncompliant end points that 
might threaten the network are restricted 
from network access." 

Rounding out the lineup is the Dynamic 
NAC Suite, which uses an organization's 
existing topology and requires no network 
device modifications. Intended for low- 
impact deployments, the software-based 
Dynamic NAC utilizes agents running on 
selected end points as policy enforcers. In 
turn, these enforcers report back to the 
Dynamic NAC server, which lets enforcers 
know which devices are unauthorized. 
Unauthorized nodes are then quarantined 
and restricted by the enforcers. "Cyber- 
Gatekeeper with Dynamic NAC (DNAC) is 
unique to the industry as it requires no net- 
work changes, making it many times easier 
and faster to deploy than other out-of-band 
NAC solutions," Lum says. 

"DNAC continuously checks all devices 
on the network and offers centralized man- 
agement, flexible policies, granular quaran- 
tining and monitoring, and remediation of 
I unhealthy systems," Lum adds. "DNAC can 
also be installed within hours. Because there 
is no need to change the network or update 
network devices. Dynamic NAC doesn't 
require expensive network upgrades." 

Making NAC Feasible 

Lum is quick to point out that Info- 
Express prides itself on helping its cus- 
tomers navigate the sometimes murky 
waters of NAC. 

"The NAC market experienced an 
explosion of hype as industry analyst 
I firms predicted that revenues would reach 
the billions by 2010," Lum explains. 
"Many companies that knew nothing 
about the fundamentals of NAC jumped in 
with remarketed products and called it 
I NAC. In addition, major networking and 
software vendors announced they would 
be offering products in the coming years, 
further adding to the confusion. After 
years of marketing overhype and unkept 
promises, customers were left with expen- 
sive and hard-to-implement products." 

She continues, "InfoExpress was able to 
build the CyberGatekeeper family of NAC 
solutions to surmount the key barriers to 
NAC adoption. By deploying quickly, cost- 
effectively, and without network changes, 
CyberGatekeeper makes NAC feasible to 
many organizations for the first time." 13 

InfoExpress 



(613)727-2090 
www.infoexpress.com 

Description: Scalable product line that con- 
trols network access by auditing all end 
points before granting access to internal cor- 
porate resources. 

Interesting Fact: The CyberGatekeeper 
appliance's "monitor mode" features on-the- 
fly remediation without requiring organiza- 
tions to actually restrict access. 
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Identify Data Center 
Weaknesses 



Move Toward Fixing Points Of Failure 



by Elizabeth Millard 

Every data center has potential areas of 
weakness, ranging from less-than-ideal 
security strategies to infrastructure issues, 
network glitches, and physical building 
problems. Unfortunately, there's no single 
product that can ferret out all of the weak- 
nesses, but there are tactics for finding 
points of failure, which is the first step in 
creating a more secure, reliable, and effi- 
cient data center. Here are some strategies 
for building strength. 

Start With Monitoring 

Data center managers concerned about 
finding weaknesses aren't alone. In a recent 
survey of data center users, Emerson 
Network Power noted that there's a grow- 
ing concern regarding adequate monitoring 
and data center management capabilities. 
Also notable was increased concern over 
data center availability and heat density. 

"With these three top concerns in mind, it 
is important for data center managers to 
track power and cooling consumption and 
compare it to capacities," says Ashish 
Moondra, senior product manager for power 
products at Avocent (www.avocent.com), 
an Emerson division. "This will help data 
center managers anticipate areas of weak- 
ness and act quickly to fix them." 

Although it's still important to walk 
around a data center's physical space and 
check connections and gauge temperatures, 
most weaknesses will likely be found 
through monitoring software, note many 
experts. These tools are the only way to 
gain visibility into the network to deter- 
mine potential problem areas, says Joe 
Yeager, a product manager at Lancope 
(www.lancope.com), a network perfor- 
mance and security monitoring firm. 

"End-to-end visibility gives data center 
managers the situational awareness neces- 
sary to formulate a proactive plan of attack 
and reveals the effectiveness of ac- 
tions taken to bolster data center health," 
he notes. 

Visibility should be pursued at every 
level, he adds, even in the virtual layer: 



TOP TIPS 



For an overall view of the data center, 
which can establish a baseline, bring in a 
security consultant or system integrator 
who can offer vulnerability and threat 
assessment services and penetra- 
tion testing. 

Using automated monitoring tools that 
have some type of rating system that prior- 
itizes areas of weakness can be beneficial, 
as notifications can be tweaked. 

Automate the provisioning and manage- 
ment of a monitoring system in order to 
allocate resources to users according to 
organizational policies, business priorities, 
and service-level agreements. 



"Visibility into the virtual environment to 
the same level of the physical environment 
should be a target for every data center." 

Find Tlie Rigtit Tools 

Due to the breadth of infrastructure and 
operations, there's no silver bullet piece of 
software that can accomplish a comprehen- 
sive vulnerability assessment, according to 
Ozzie Diaz, CEO of AirPatrol (www. air 
patrolcorp.com), developer of wireless 
security solutions. However, periodic pene- 
tration testing and automated compliance 
auditing can be helpful, and for highly 
dynamic threats such as viruses, monitoring 
tools can prevent them from spreading. 

Also vital is watching power utilization, 
adds Moondra. He notes, "Efficiency and 
total cost of power in the data center is 
becoming increasingly important for data 
center managers to control. Unfortunately, 
the reality is that most data center man- 
agers don't have visibility into actual en- 
ergy consumption." 

With monitoring tools, managers can 
gain insight into consumption, figure out 
costs, and make strong availability and effi- 
ciency decisions that can optimize the 
usage of all physical infrastructure compo- 
nents, Moondra believes. 

One point to consider in general is that 
monitoring tools typically only monitor 
ingress and egress points but fail to monitor 
activity within a data center, says Yeager. 
"Packet sniffer technologies simply don't 
scale within the data center, while syslog 
and SNMP monitoring solutions don't give 
the level of granularity required," he says. 

Visibility into system-to-system activity 
is further complicated by virtual environ- 
ments, which often mask VM (virtual 
machine)-to-VM communications, he adds, 
and seeing those communications is critical 
for securing the network, as well as manag- 
ing network and application performance. 

He recommends that IT departments use 
some type of tool that utilizes flow teleme- 
try — available in most routers and switch- 
es — which can monitor, troubleshoot, and 
secure the data center across both physical 
and virtual environments. 

Create A Sctiedule 

With knowledge of monitoring in place 
and tools that can help accomplish the task, 
it's time to set a schedule that makes sense 
for the center. Nearly all monitoring soft- 
ware works constantly and provides notifi- 
cation of potential problems, but there still 
needs to be a regular check of the tools 
themselves to make sure they're tracking 
issues properly and sending notifications to 
the right people. 

Moondra recommends that managers 
using monitoring software pull reports once 
a month. Reports can be scheduled for 
automatic generation, but managers need to 
set aside time to actually study them and 
see if any trends are forming. 

"The reports can provide insight [into] 
capacity trends so managers can have a 
clear view of the status of their data cen- 
ters and are able to make proactive 



Key Points 



Develop a comprehensive monitoring 
plan that includes staff time and vendor- 
supplied tools to help identify potential 
weaknesses. 

Choose tools that work well together and 
cover numerous issues such as power 
consumption and flow telemetry. 
Schedule regular checkups for all the 
automated monitoring tools in place to 
make sure they aren't working as points of 
weakness themselves. 



decisions based off of report results," 
says Moondra. 

Although these types of regular check- 
ups are necessary, it's useful to automate as 
much as possible, Yeager adds. Managers 
should set tools to automate whatever can 
reduce the burden of daily administration, 
he says, so that more focus can be put on 
tasks that can't be automated, such as man- 
ual tests and training programs. 

Address Design Issues 

Automated tools can go a long way 
toward identifying weaknesses and help- 
ing managers to strengthen their en- 
vironments, but sometimes, the weakness 
lies in overall data center design. If a 



vulnerability assessment uncovers de- 
sign challenges, they can typically be ad- 
dressed by consolidation, standardization, 
and virtualization, according to Peter 
ffoulkes, vice president of marketing at 
Adaptive Computing (www. adaptive 
computing.com). 

With consolidation, he recommends 
eliminating "siloed" resources that may be 
underutilized yet are unable to be used for 
other purposes. The goal is to develop a 
single, flexible pool of resources that can 
easily be applied to support multiple busi- 
ness services, he notes. 

Standardization can be used to reduce the 
number of different hardware and software 
architectures that are necessary to deliver 
the required business services, ffoulkes 
notes. In terms of virtualization, he says, 
"The major benefit comes from the logical 
separation of the software stacks that deliv- 
er business services from the underlying 
infrastructure, thus removing many depen- 
dencies and allowing the data center to be 
considered as a 'flat computing fabric' 
where the application stacks can be 
deployed on demand." 

The goal in employing these strategies is 
the same as using monitoring tools and 
hiring security consultants to do risk 
assessments: to find weaknesses that might 
compromise a data center and lead to 
downtime. By bringing together multiple 
strategies, tools, and tactics, as well as 
automating processes and looking at all 
aspects of a center, IT managers will gain 
visibility into the whole center, and through 
those multiple perspectives, they can do 
some strength training, data center style. B 
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I Survey: Productivity A Concern 
With IT Security Policies 

According to a new Robert Half Technology 
survey of 1 ,400 ClOs at organizations with 
100 or more employees, IT security mea- 
sures can sometimes limit productivity and 
subsequently generate employee com- 
plaints. Specifically, 12% of ClOs respond- 
ed that it is very common for employees to 
complain about Web-limiting IT security 
measures, and 29% of respondents report- 
ed that complaints were somewhat com- 
mon. The report suggests that if a small 
percentage of employees are complaining, 
then instead of relaxing Web policies, ClOs 
should strive to better explain the reason for 
the restrictions. If complaints are more com- 
mon, however, the firm recommends re- 
examining whether the security policy is 
adversely affecting productivity. In any 
case, the worst option is to leave Web poli- 
cies wide open or to let outdated policies 
remain in place. 

I Rustock Botnet Accounts 
For 40% Of All Spam 

According to a report by Symantec's 
IVIessageLabs Intelligence, the Rustock 
botnet is responsible for more than 40% 
of all the world's spam. In April, when the 
MessageLabs division looked at these num- 
bers, 2.5 million computers were part of 
Rustock, but that number has shrunk to 1 .3 
million machines, mostly concentrated in 
North America and Western Europe. The 
Rustock botnet currently sends out about 46 
billion spam messages per day, up from 43 
billion in April. The uptick in volume despite 
the reduction in infected computers may 
be because Rustock stopped using TLS 
(Transport Layer Security) to encrypt its 
messages, which can be slow and re- 
source-intensive. 

I Dell Posts Earnings Increase 

Dell saw a rise in net income and revenue 
during its second fiscal quarter because of 
strong demand for the company's servers 
and networking and storage systems. Net 
income was $545 million, a 16% increase 
compared to the same quarter last year. 
Revenue rose 22% from a year ago to 
$15.5 billion, beating analyst forecasts of 
$15.2 billion. Revenue from the company's 
servers and networking systems rose 35% 
to $1 .89 billion, and its services division 
posted a 57% increase to $1 .9 billion. 
Dell says it is seeing strong demand from 
its business clients as they update out- 
dated technology. 




I WWAN Chipset Market On The Rise 

Thanks to the iPad, the Kindle, and a whole 
host of other tablets and e-readers, the 
demand for embedded wireless wide-area 
networking chipsets is expected to grow sig- 
nificantly, according to a recent report from 
iSuppli. By 2014, the research firm predicts, 
the media content consumption slate market 
will be drawing 20.7 million embedded 
WWAN chipsets per year. At the same time, 
the market segment will absorb 2.1 million 
embedded WWAN modules. Netbooks and 
portable media players are expected to con- 
tribute to the demand, iSuppli says, as will 
mobile handsets. 



by Bridget Mintz Testa 
• • • 

When it comes to compliance with reg- 
ulatory or industry mandates, IT needs to 
be concerned primarily with two issues: 
privacy and data integrity. "Concerns 
about data integrity have been around for 
years now, but privacy issues have come 
to light, especially with the passage of the 
HITECH (Health Information Technology 
for Economic and Clinical Health) Act. 
There is also a growing trend of states 



Key Points 



• To comply with privacy regulations and 
standards, you must know what types of 
data you have and which subset of it must 
be protected. 

• Once you know that, you must assess risk 
that originates from violating regulations 
and from business activities. 

• Implement the necessary controls for 
the most significant regulations and/or 
standards to which your company is sub- 
ject, and it will be easier to implement 
controls for less significant regulations 
and/or standards. 



passing their own privacy laws, which 
seek to reach out and affect entities 
beyond their borders that handle informa- 
tion about their residents. Here, we focus 
on the main national laws and mandates, 
but tracking events in state privacy regula- 
tions is highly recommended. 

Compliance Starts With Data 

Regulations and industry mandates 
with which enterprises must comply gen- 
erally cover three types of information: 
health, financial, and personally identifi- 
able data such as full names, birth dates. 
Social Security numbers, credit card 
numbers, and so on. To meet the terms of 
these regulations and mandates, an enter- 
prise must first evaluate the types of data 
it has and determine what data it needs to 
protect. This is actually much more sub- 
tle than it seems. 

For example, maybe your enterprise 
isn't in health care or financial services, 
but you provide Web hosting or email ser- 
vices to a large number of businesses, 
some of which may include physicians' 
offices, clinics, pharmacies, labs or banks, 
merchants, loan companies and paycheck 
processors, and so on. Your enterprise 
may have the financial or medical infor- 
mation of many individuals passing across 
its Web servers, stored in databases it cre- 
ated to support customer Web sites or 
transmitted through its email servers. 

Until 2009, numerous companies that 
provided services like those outlined previ- 
ously weren't subject to HIPAA. Things 
changed, though, when the HITECH Act 
was passed. "The HITECH law extends 
HIPAA compliance to the business part- 
ners," says Barbara Rogan, chief counsel 
for LogLogic, which provides solutions for 
regulatory compliance and managing logs. 



E C U R I T Y 



Of Special Interest To Health Data Centers 



security events, and IT performance. If a 
company is found to be willfully negligent 
in a breach of medical records, Rogan says 
HITECH fines can hit five or six figures 
and possibly even more. "You must know 
what you have on your network and close 
the gaps in security," she says. 

Indeed, even if the only medical infor- 
mation an enterprise stores is that of its 
own employees, that data is subject to 
HIPAA and HITECH privacy protection. 

And if an enterprise receives or stores 
financial information about individuals, 
it must comply with the Payment Card 
Industry Data Security Standard, as well 
as the Financial Modernization Act of 
1999, also known as the Gramm-Leach- 
Bliley Act. 

Assessing Risk 

After you've determined the kind of 
data your company holds, the next step 
is to assess the risks. "Identify the key 
risks to your organization," says Scott 



Wisniewski, director of risk technologies 
at Protiviti, a global risk and business 
consulting company. "These can be regu- 
latory, or they can be business — take the 
business processes into account." 

Don't just think about regulations when 
you're assessing your enterprise's risks. 
Consider, for example, what would hap- 
pen if black hat hackers were to steal your 
clients' health information or financial 
data: Business would be lost, and your 
enterprise's reputation would be tarnished. 
That's before regulators and attorneys 
enter the picture. 

"Compliance is just one [aspect of] 
developing a security program," says 
Kevin L. Richards, international presi- 
dent of ISSA. "Other [questions to ask] 
include what do my customers expect? 
What are my competitors doing? What 
are my needs? Security programs can 
look completely different depending on 
your needs." 

It's possible, of course, to create so 
much security — to lock down access so 
much — that an enterprise can't func- 
tion. "It's a risk-evaluation/risk-tolerance 
situation," says Todd Chambers, chief 
marketing officer of Courion, which spe- 
cializes in identity, access management, 
and compliance solutions. "What's an 
unacceptable risk? What's a reasonable 
amount of security? You must constantly 
evaluate these questions as threats and 
regulations change and as the amount 
and types of data coming into and leav- 
ing the company change." 



Achieving Reasonable Data Security 

Securing private data means you must 
have the right controls in place. "A control 
structure is designed in the context of the 
full risk profile," Wisniewski says. "If you 
try to do controls on a regulation-by-regu- 
lation basis, you could get in trouble," 
Wisniewski says. "You could miss some- 
thing, and it could be redundant." 

There's a cleaner, simpler approach. "If 
you adhere to the bigger themes in regula- 
tion, then you're adherent to most of 
them," Chambers says. So, if you already 
have a control structure in place for health 
data under HIPAA-HITECH, then estab- 
lishing a control structure for financial 
data under Gramm-Leach-Bliley should 
not be a whole new effort, rather an exten- 
sion of what you've already done. 

Typical controls for both types of data — 
indeed, for any type of sensitive data — 
include identity and access control and 
management. You must know who has 
access to data and the type of access indi- 
viduals have, and you must be able to track 
when data was accessed and by whom. 

Controls can take many forms. For 
example, you can decide to encrypt credit 
card data, or you can choose to only take 
payments via another source, such as 
PayPal, and thus eliminate the need to 
handle such data at all. 

"Put in place the right technology prod- 
ucts to monitor compliance and what's on 
your network," says Bill Roth, chief mar- 
keting officer of LogLogic. "You must 
understand what's happening with your 



database. You must have full visibility into 
what's happening on your network, so you 
must log what's happening everywhere on 
it. Then, when you find you've been 
hacked, you can remediate it much faster." 

The faster you can correct a breach, the 
better the regulators, customers, and the 
public views it. "If you fix things fast, 
fines and penalties decrease substantially," 
Rogan says. "It shows good faith." 

Companies that carelessly handle sensi- 
tive data get penalized in the court of 
public opinion, in the pocketbook, and in 
the courtroom. Q 

Data Security 
Technologies 

Various technologies and practices can help 
enterprises establish the necessary controls 
for protecting sensitive, private data. Bill Roth, 
chief marketing officer of LogLogic, says 
these technologies and practices include: 

• Database security manager 

• User authentication software, along with 
higher levels of authentication 

• Firewalls 

• Network port scanning and intrusion 
detection software 

• Automated software patching and updates 
as vendors release them 

• Well-documented employee onboarding 
and exit procedures that include notifying 
IT when an employee leaves 



"A control structure is designed in the 
I context of the full risk profile. If you try to 
do controls on a regulation-by-regulation 
basis, you could get in trouble." 

- Protiviti's Scott Wisniewski 
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Key Points 



Unified communications simplifies 
the costs and expertise necessary for 
successful business communication. 



Don't buy more functionality than you need; 
instead, plan a UC implementation based on 
IT staff skills and projected business growth. 



Commercial and open-source UC solutions 
are available. An open-source solution Is 
viable if your IT staff has strong Linux skills. 



Communications Convergence 

Unified Communications Reduces The Cost & Complexity Of Connecting With Others 



©' 




BY BILL HAYES 

In the business world, the ability to communicate quickly can 
help level the playing field. Unified communications technol- 
ogy, or UC, allows its adopters to share information in a 
more agile manner, making its users more available to others. 



UC employs a single interface to blend a 
variety of real-time technologies, such as 
conventional and IP telephony, instant mes- 
saging, and videoconferencing, with slower 
technologies, such as email, SMS, voice- 
mail, and faxes. 

The major benefit for an SME, particular- 
ly a very small business, is UC's ability to 
cut down on the time required to contact a 
person, explains Joslyn Faust, principal ana- 
lyst at Gartner and co-author of a recent 
report on UC products for SMEs. "It's real- 
ly important for SMBs to be reachable," 
Faust says. "Lots of SMB folks are not sit- 
ting at desks; they are doing many tasks." 

UC technology can also allow companies 
to better control a call to ensure successful 
completion and provide users real-time 
presence information about a specific per- 
son or a group of people. 



"The simplicity of modern all-IP-based 
UC systems often pertains to ease of use for 
end users and systems. Users can leverage 
the power of UC applications, such as 
telephony presence-enabled desktop applica- 
tions, without requiring training, huge manu- 
als, or technical assistance," says Bernard 
Gutnick, senior director of product market- 
ing for ShoreTel (www.shoretel.com). 

■ WHAT'S AVAILABLE 

UC solutions for SMEs can range from 
single-appliance solutions to more complex 
multiserver implementations. Generally, the 
complexity rises with products that offer 
more flexibility. According to Faust, a sin- 
gle-box solution could scale for up to 1 ,000 
employees. For more than 1,000 users, UC 
solutions become more complex in order to 
offer more flexible UC capabilities. 



For midsized companies that are making 
use of VM (virtual machine) technology, 
Faust says there are already several vendors 
with solutions that can run on virtual plat- 
forms, and most vendors will be offering 
virtual solutions within the next few years. 

If a small business is strapped for IT tal- 
ent or if quality of service is a main concern, 
then a service-based UC solution would 
work well. However, in complex cases 
where there might be multiple locations or 
call centers involved, then a service-based 
solution may not be the best option. 
Alternatively, a premises-based solution 
where the company has IT staffing and 
owns the UC solution would offer a long- 
term savings over a service-based solution. 



■ ONE SIZE DOES NOT FIT ALL 

According to Faust, SMEs should select a 
UC solution based on their IT resources and 
organization size. She cautions businesses 
to carefully size their UC solutions for their 
current needs and not buy too much capaci- 
ty or more functionality than they need. 

Gutnick adds that SMEs must select UC 
solutions that allow for seamless growth 
without requiring upgrades, retraining, or 
system re-engineering. 

Smaller companies are generally con- 
cerned with simplicity of operation, while 
for larger companies, flexibility of applica- 
tions is an important factor. "Look at costs 
involved in scaling up," she advises. 

Companies should consider how much of 
the investment they can retain when scaling 
up, she adds. In growing from 100 employ- 
ees to 500 employees, it's not as difficult to 
change management consoles, she says; 
beyond that, planners should keep an eye on 
how flexible the UC solution remains as the 
enterprise grows. liJ 



Proprietary vs. Open-Source Solutions 

Organizations that have Linux-sawy IT staff could make use of open-source UC solutions which offer a 
competitive savings over proprietary solutions, according to Joslyn Faust, principal analyst for Gartner. 

Linux-capable organizations could look to UC solutions that work over the open-source Asterisk PBX 
project and mask the complexity of UC operations, Faust says. A Linux-based UC solution could offer 
more flexibility than a commercial product and be less expensive, she notes; however, adopters must 
have good Linux skills. 



We Buy Used 

Cell Phones 



& pay %^ 
up to 



100 



for each 
plionel 



Some phones have no value. See current purchase price list 
for individual model prices at wwvy.pacebijtjer-cdm 



within 4 days! 




Pace 



Ri tWaJmf www.pacebutler.com 
g^^^ 1-80O-24S-5360(4OS) 



{405)755-3131 




Thanks to DMD, we 
don't have to sit on 
our old computer 
equipment anymore. 



retrieve = . c^furbish ■ reuse ■ recycle - remarket 



We Purchase: We Offer: 



Computers/Laptops 
Networking Equipment 
Power/Environmental 
Telecommunications 
Complete Data Centers 
Printers 



Asset TrackingyReporting 
Deinstallation/Packing/Transportation 
DOD Level Data Destruction 
Epa Recycling/Reuse 
Ongoing Support Plans 
Technology Refresti/lnstall Programs 



At DMD Systems Recovery, we remove ttie headache from asset 
disposal. We can manage the whole process from deinstallation to 
asset remarketing. We worry about data destruction, EPA 
regulations, logistics, and insurance so that you don't have too. 
Don't tie up your resources or take chances with you data or 
environmental issues. Gall DMD today. 



DMD SYSTEMS RECOVERY, iNC, 

P'Dvidlng QUALITY GGDDS ird SERVICES \w IndJslFy. 

runes' e'ATCOM. CWw Bmnwiau'viiu, CnnrnC*-* Ctmmt^w. IIP AuiWMM. 



dbg 



DEC-Compaq-Cisco-Sun-SGI 



770-931-7732 

Fax 770-931-9416 

www. dbgwe b . CO m 
salesp@clbgweb.com 



AlphaServer GS160 Model 16 

Base System for OpenVMS 

• DY-160CG-AA 

• One Alpha 21264 Processor 1224 MHz 

• Four Quad Building Blocks 

• One 14-Slot PCI Shelf 

• OpenVMS Operating System License 

ALSO AVAILABLE: 

• Additional 1224 MHz CPU w/SMP 

• Additional Memory 

• Additional PCI Shelves 

• Additional PCI Options 



2 Systems In Stock! 



Authorized COMPAQ' Reseller 

WE WILL BUY YOUR USED HARDWARE! 




Pegasus Buys, Sells and Offers Depot Maintenance 
& Flat Rate Repair On: 

KronosTime Clocks, Flat Panels, 
POS & Symbol, HHP, PSC,Telxon, 
Metrologic, Barcoding Equip 



We can supply any configuraton you 
need. If you have clocks installed and 
need a specific KOS version we can 
help you. Same is true on I/O Boards. 

Specialize in 420G, 440B, 
460F, 480F, 551, and 4500's 



Ethernet Daughter Board, Modem Option, 
Remote Readers, Bell Relays, Master Sync, 
Battery Backup Kit, Dual Reader, I/O Board, 
External Reader I/O Board, Touch ID 




Pegasus Computer Marketing, Inc. 

(800)856-2111 I www.pegasuscomputer.net 



Information 
Technology 
Trading 



Experience to find you tlie 
riglit technology solution. 

AS/400 • RS/6000 • Sun Microsystems 
Storage • Tape Bacl<up 



(877)715-3686 | www.itechtrading.com 



PROCESSOR 

Subscribe Today! 

Call (800) 819-9014 



Subscribe 
Online! 

Go towww.processor.com 




Page 38 



Processor.com 



September 10, 2010 



MESSAGING & TELEPHONY 



Hosted Unified 
Communications 
For The Masses 

A New Way For SMEs To Meet 
Their Business Communication Needs 



by John Brandon 

The emergence of UC (unified commu- 
nications) in business has caused a stir for 
companies at all levels, both large and 
small. Like customer relationship manage- 
ment of a decade ago, UC seeks to stream- 
line business communications, including 
videoconferencing, phone calls, instant 
messaging, and even Web conferencing 
and quick video chats. The "unification" 
comes into play when data center man- 
agers attempt to consolidate the back-end 
requirements for each disparate communi- 
cation method. Fortunately, hosted unified 
communications does most of the leg- 
work. The major challenge: deciding 
which hosted platform will work best for 
your organization. 

Types Of Hosted UC 

The first step in choosing a hosted UC 
platform is understanding the available 
options. As you can imagine, with any 
new technology that consolidates several 
tech silos, hosted UC can often encom- 
pass a wide variety of technologies. For 
some, hosted UC means hosting your 
PBX infrastructure in the cloud and then 
selecting whatever extra features are 
available, such as instant messaging. In 
other cases, it can mean one end-to-end 
solution for every business communica- 
tion possible. 

Frank Grillo, executive vice president 
of implementation, support, and market- 
ing at Cypress Communications (cypress 
com.net), says this distinction on host- 
ing PBX is a good one. There are hybrid 
options, he says, where the provider 
might offer videoconferencing and 
telepresence in the cloud while the SME 
continues to maintain on-premises tele- 
phone services. 



Key Points 



• Hosted unified communications is often 
split between public cloud offerings over 
thie Internet and thiose that run in a private 
cloud from a third-party remote vendor. 

• There are often base services for hosted 
UC, such as hosted PBX and video, but 
extra services such as instant messaging 
and Web conferencing are sometimes 
added features. 

• Costs often include up-front fees per user 
that are related to setup and configura- 
tion. There are also costs associated with 
the end-user hardware, such as an IP 
desk phone. 



Scott Gode, vice president of product 
management and marketing for Azaleos 
(www.azaleos.com), says another major 
distinction is between private hosting and 
public hosting. For UC hosted in a private 
cloud, a third-party company might man- 
age the service remotely, but the connec- 
tion to your company is not on the public 
Internet. Otherwise, public hosted UC uses 
the standard Internet. 

Advantages Of Hosted UC 

Like any cloud-based service, all of the 
typical advantages for hosted UC apply, 
including faster scalability, which is the 
ability to add users quickly and support a 
growing capacity in data. This is important 
for an SME that anticipates growth and 
can work the other way, as well: A compa- 
ny can quickly scale down their hosted UC 
services if they experience a downturn. 

William Bumbernick, CEO of Alteva 
(www.altevatel.com), says hosted UC pro- 
vides additional benefits to an SME, how- 
ever. One is that the company suddenly 



becomes much more efficient in terms of 
business communication with customers. 
This was always the purview of much 
larger companies that installed vast UC 
services to manage communication end- 
points with customers. An SME was left 
to fend for itself and develop a UC solu- 
tion that was pieced together from several 
vendors. And other advantages of hosted 
UC for an SME include "near-zero" man- 
agement requirements, elimination of 
hardware required for on-premises UC, 
and no need for self-managed upgrades. 

Grillo adds that the main advantages for 
hosted UC involve a lower capital expense 
(as hosted UC is often marked as an oper- 
ational expense), a smaller risk than adopt- 
ing a new in-house technology, and the 
energy savings that come from hosting 
your UC in the cloud instead of on your 
own servers. 

Typical Costs 

The costs for hosted UC vary greatly 
based on the size of your company and, 
even more importantly, on the services 



you decide to use through a hosted 
provider, such as whether you are host- 
ing your PBX in the cloud or just the 
instant messaging, video, and Web con- 
ferencing services. 



Bumbernick says the typical costs 
include the handsets you need for VoIP 
and configuration fees. He also says the 
costs are lowered by the fact that there are 
no costs for internal maintenance (say, for 
software updates) because these are all 
handled by the hosted UC provider. 

"The most frequently discussed cost 
factor is the up-front per-user cost for the 
service, which includes software, service, 
and hardware for a public cloud service," 
says Gode. "However, costs quoted are 
usually just the 'email-only' price, 
whereas the costs to include collabora- 
tion, instant messaging, conferencing, 
and voice services typically increase the 
total by two to three times. Beyond the 
up-front per-user costs, SMEs should pay 
careful attention to the 'unadvertised' 
areas, which could add to the total cost of 
a public cloud service solution, such as 
bandwidth and network costs, readiness 
assessment, vendor management, archiv- 
ing, mobile support, disaster recovery, 
and data migration." 

Choosing A Provider 

Once you know the playing field for host- 
ed UC — that there are public and private 
offerings, that you can often pick and 
choose from a variety of services, and that 
the costs tend to include up-front fees by 
user and other configuration costs — it is 
then a good idea to start evaluating vendors. 

Interestingly, this step — while it does 
not seem like a choice about technology 
per se — is actually one of the hardest 
steps, because vendors often provide such 
a wide variety of services. 

Grillo says it is key to choose a provider 
that can go end to end on UC and even 
provide the necessary end-user equipment, 
routers, and other networking devices 
required; make specific guarantees about 
uptime; and provide some redundancy of 
services in case of a failure. 



In the end, it is also important to select a 
provider who you can trust with this 
important part of your business — the com- 
munication with customers — and who will 
provide exceptional service. □ 



The costs for hosted UC vary greatly 
based on the size of your company 
and, even more importantly, on the 
services you decide to use . . . 
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SIX QUICK TIPS 



Adopting Open-Source 
Applications 

Successful Integration With Proprietary Programs Is Key 



by Bruce Gain 

■ • • 

The use of OSS (open-source software) 
in the enterprise has come a long way 
since the days when Linux and other OSS 
applications were associated with long- 
haired "evangelists" and were far removed 
from the mainstream. Many OSS solutions 
have evolved into reliable, stable, and 
secure alternatives to commercial applica- 
tions that can also offer significant reduc- 
tions in licensing costs. 

Unfortunately, installing OSS applications 
for enterprise use can pose some challenges 
when it comes to integration with propri- 
etary programs. While the cost savings that 
OSS alternatives can offer can be huge, it is 
necessary to lay the groundwork before mix- 
ing your data center and networking envi- 
ronment with open-source and proprietary 
software. Here are some things to keep in 
mind to help make the transition smoother. 

Prepare Third-Party Support 

Post-sales support is one of the main 
selling points of almost any commercial 
software product. But with OSS, and partic- 
ularly when integrating it with proprietary 
applications, degrees of support can vary. 
"Chances are the paid support of the propri- 
etary program will not support getting exter- 
nal open- source software up and running or 
even integrated with their program," says 
Greg Shapiro, vice president of engineering 
and CTO for Sendmail (www.sendmail 
.com). "Seek out organizations using the 
same integration via program user groups, 
support forums, mailing lists, etc." 

However, it may be possible to rely on 
in-house support, especially after your enter- 
prise has mastered an OSS' use and integra- 
tion. "If you are going to use a lot of Linux, 
for example, you can get support from [dif- 
ferent Linux providers], but there is no rea- 
son you have to do that. Instead, you can go 
with a Linux distribution and support your- 
self," says Jeffrey Hammond, an analyst for 
Forrester Research. "Generally, we advise 
companies to go the way of commercial 
support, but over time, you may realize that 
you can support yourself. It works fairly 
well and you don't have a lot of problems." 

It is also a good idea to look at what hap- 
pens if you do not renew support contracts, 
Hammond says. "Some product licenses 
are structured so that you have to uninstall 
a particular version of a product [if you do 
not renew a support license]. For example, 
there are some versions of Linux with spe- 
cial management-feature capabilities on top 
of the products that are sold as part of their 
subscription licenses," Hammond says. "So 
you really need to read the individual 
licenses and check them very carefully so 
you understand what your rights are." 

Back-patching support also needs to be 
taken into consideration, Hammond says. 
"If you go with a particular [OSS] version 
and you are not going to change it and keep 
up with the current version and then you 
discover defects, then the question is 'how 
does the defect get fixed?'" Hammond 
says. It is then necessary to determine 
whether the vendor will offer the support 



I even if you purchased an earlier version of 
the OSS that is in use now or if you are 
going to patch it yourself, he says. 

Put A Budget In Place 

You can download and install versions 
of Linux and other open-source software 
free on workstations and servers at home I 
or in the lab, but for enterprise-grade 
applications, costs will be involved. It is 
thus necessary to tally the costs of the pro- 
ject in terms of licensing and support fees 
and manpower before you start. 

"Budget for the effort to install and main- 
tain the open-source software and its depen- 
dencies as well as the code or configuration 
changes necessary to integrate with the 
existing proprietary programs," Shapiro 
says. "In some cases, especially if the pro- 
prietary program does not use open stan- 
dards, this may require a talent pool familiar 
with both the proprietary program, the open 
source tool, and the programming language 
that tool is written in. Compare that budget 
to the cost of other solutions available to 
make the best decision for your needs." 

Work Out The VIrtuallzatlon Bugs 

Virtualization can offer a wide range of 
benefits, but when adding virtual servers 
that are based on open-source operating 
systems or that run other OSS applications, 
potential compatibility issues with propri- 
etary software need to be considered. 

"The goal is to be able to virtualize a het- 
erogeneous environment of proprietary and 
open-source systems without sacrificing per- 
formance," says Mona Chadha, a product 
marketing manager for Novell (www.novell 
.com). "The challenge comes in extending 
the proprietary and open-source interfaces to 
be able to communicate together, and devel- 
oping a set of drivers, or interoperability 
components for each OS to optimize the per- 
formance of the guest. Specific optimization 
points include virtual-machine disk access, 
network access, and access to storage." 

Make Sure Everybody Is On Board 

What business manager would not be 
interested in implementing software that in 
many cases can be installed for a small 
percentage of the cost of commercial 
options? However, when integrating OSS 
with commercial-based software infra- 
structure, investments must be made and 
the human resources must be in place to 
successfully manage the project. It is thus 
necessary to gauge how much support the 
decision makers outside of the IT depart- 
ment are prepared to offer for the project. 
"Understand the appetite of the enterprise 



for OSS and the maturity of the enterprise 
when it comes to OSS adoption," says 
Satish Joshi, executive vice president and 
global technology head for Patni Com- 
puter Systems (www.patni.com). 



Most Practical Tip: 

Take A Gradual Approach 

As admins know all too well, new projects 
can be painful, which is why it is a good idea 
to gradually integrate OSS programs with 
proprietary ones. "First, focus on establishing 
an 'OSS culture' in the enterprise, and then 
gradually take OSS adoption to a level that it 
becomes an integral part of the enterprise 
architecture," says Satish Joshi, executive 
vice president and global technology head for 
Patni Computer Systems (www.patni.com). 
'Typically, low- to medium-complexity appli- 
cations are the first target for OSS adoption 
before targeting high-criticality and -complexi- 
ty business applications." 

Best Tip: 

Get The Updates Right 

Keeping machines current by ensuring that 
updates and patches are downloaded and 
installed as they become available is an 
obvious best practice for any enterprise. 
Unfortunately, the process can be more diffi- 
cult for some OSS packages than they are 
for commercial alternatives, says Greg 
Shapiro, vice president of engineering and 
CTO for Sendmail (www.sendmail.com). 

"Make sure the open-source programs and 
their dependencies are always kept up-to- 
date," Shapiro says. "IVIonitor the open- 
source program's mailing list and/or Web site 
as well as various security mailing lists." 



Before adding OSS programs to propri- 
etary software layers, first determine how 
much the enterprise is willing to depend on 
open-source alternatives. "The adoption of 
OSS varies depending on the risk-taking 
ability of the enterprise. For example, at one 
end of the spectrum, there might be a total 
aversion to OSS, while on the other end, the 
OSS might get adopted across all layers of 
technology architecture, including leverag- 
ing OSS for mission-critical business appli- 
cations," Joshi says. "When it comes to 
maturity, you have a range of characteristics, 
from ad hoc adoption of OSS to OSS getting 
adopted in a very structured way." 



BONUS TIPS 



■ Adapt policy for OSS. 

Jeffrey Hammond, an analyst 
for Forrester Research, says 
before adding OSS solutions 
to your enterprise's applica- 
tions pool, it is a good idea 
now to establish the right policy 



to successfully integrate it with 
proprietary programs. 

■ Add the best products 

first. Satish Joshi, executive 
vice president and global 
technology head for Patni 



Computer Systems (www 
.patni.com), recommends 
finding the best open-source 
options and adding those 
applications first before experi- 
menting with less-known yet 
promising OSS applications. 




I IDC: Server Sales 
Make Record Jump 

According to research firm IDC, 
second-quarter global server 
sales experienced their biggest 
jump since 2003, with revenue 
rising 1 1 % year over year to 
reach $10.9 billion worldwide. 
Units shipped also experi- 
enced record growth, 
increasing 23.8% year 
over 
year — 
the 

biggest 

growth in more 
than five years. IDC 
attributes the booming sales '^^^ 
to growing demand as the market 
gradually recovers from the recession; how- 
ever, the firm says worldwide server revenue 
is still lower than pre-recession numbers. HP 
maintained its top spot in the market, with an 
increase in revenue of 26%; second-place 
IBM saw a loss of 3.2%, and third-place 
Dell's revenue rose 37%. 

I Security Software Revenue 
To Grow By 11.3% 

Gartner forecasts that global security soft- 
ware revenue will pass the $16.5 billion 
mark this year, representing an 1 1 .3% 
increase from last year's $14.8 billion. "Most 
segments of the security software market 
will continue to grow over the next few 
years, although a significant degree of vari- 
ation is expected between the more estab- 
lished and less mature technologies," says 
Gartner Principal Research Analyst 
Ruggero Contu. Overall, consumer security 
software makes up the largest segment of 
the market. Gartner is forecasting $4.2 bil- 
lion in revenue for that segment this year, 
up from $3.9 billion a year ago. The enter- 
prise market, meanwhile, is expected to 
reach $3 billion this year, up from $2.9 bil- 
lion. "During the next six to 12 months, 
products delivered as SaaS and appliances 
will continue overtaking traditional software 
licensing as the preferred purchasing meth- 
ods," says Gartner Senior Research Analyst 
Matthew Cheung. 




I E-gov Site Satisfaction Is Mixed 

Research firm ForeSee Results released its 
latest E-Government Satisfaction Index, find- 
ing that Americans are slightly less happy 
with e-government Web sites than they were 
a quarter ago. According to the most recent 
results, e-gov sites scored 74.7 out of 100 
overall. In the first quarter of this year, how- 
ever, e-gov sites scored a 75.1 rating. 
Despite the mild dip, the score is still up from 
the second quarter of 2009's 73.6 rating. 
NASA's portal achieved the highest marks 
(83) for its department-wide site. The 
Government Accountability Office received a 
76 rating, and the General Sen/ices 
Administration placed third with its 75 rating. 
Other standouts in the category of individual 
sites included a couple of sites from the 
Social Security Administration: A retirement 
calculator (scoring 89 out of 100) and the 
SSA iCIaim site (scoring 88). Overall site cat- 
egories that scored poorly include depart- 
mental sites and news and information sites, 
both of which scored 74. 
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What's On Your 
Users' Desktops? 

Exerting Control Over Unauthorized Applications 



by Bridget Mintz Testa 

Asking what's on your employees' com- 
puters seems logical, but you might get a 
shorter list if you asked what isn't on them. 
Everything imaginable is available to users at 
a cUck of the mouse, from MP3 ditties to mal- 
ware that can be picked up from even the 
most unsuspecting site. Finding out what 
users have hidden from IT is only part of the 
problem. The rest includes cleaning out the 
junk without alienating employees and edu- 
cating them about why they can't have every- 
thing they want on their work computer. 

Need To Know 

A laissez-faire attitude toward user com- 
puters isn't feasible in light of the ever-pre- 
sent security, performance, and legal risks. If 
your company is audited and unlicensed soft- 
ware is found on any employee's computer, 
it doesn't matter that neither IT nor manage- 
ment approved it. The company is still liable 
and subject to a range of penalties and pun- 
ishments, including public humiliation, big 
fines, and costly lawsuits. The Software & 
Information Industry Association and the 



Key Points 



Unauthorized software and applications on 
employee computers create legal and 
security risks and performance and support 
costs. Companies risk everything from 
reduced employee productivity to high- 
stakes litigation. 

IT audits and whitelists are two methods to 
address unauthorized applications on 
employee computers. 
Acceptable-use software policies are 
mandatory and should serve as the basis 
for employee education about risks and 
penalties of unauthorized applications. 



Business Software Alliance actively investi- 
gate reports of illegal software and are 
empowered on behalf of their members to 
take action up to and including litigation. 

Then there are the security risks. "Users 
can pick stuff up from totally legitimate Web 
sites," says Eric Ogren, founder and principal 
analyst of the Ogren Group. "The site might 
be clean one day and infected the next." The 
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whole category of malware "isn't there to 
wreck your computer anymore," Ogren says. 
"It's about stealing data, and, with botnets, 
taking over your computer. Hackers want to 
stay undetected as long as possible." 

Frank Scavo, owner and president of 
IT management analysis firm Computer 
Economics, says peer-to-peer file sharing is a 
huge risk because "an employee may be 
sharing the entire desktop without knowing 
it. . . . That traffic should be stopped at the 
firewall by blocking the specific port or IP 
address when possible. It must be dealt with 
by a network expert if the site is distributed." 

Productivity suffers, too. If employees 
spend their time watching videos, playing 
games, or updating their Facebook pages, 
they obviously aren't working. 

And don't forget there are extra support 
costs, even with unauthorized software used 
only for work. "Unauthorized software can 
create compatibility and other problems with 
the authorized desktop configuration," says 
Brien Posey, an independent consultant in IT 
security, networking, and Microsoft prod- 
ucts. "Support wouldn't know about the 
unauthorized software, and they'd waste a 
lot of time chasing irrelevant symptoms." 

Need To Act 

If you suspect that users have anything 
unauthorized, much less illegal, on their 
work computers, the best practice is to 
audit the desktop, Scavo says. "There are 
many automated tools to do that. If there is 
a laptop, it can be audited when it connects 
to the network." 

If your company operates under high 
security, Scavo recommends monitoring 
outbound email, blocking instant messages 
and social networks at the firewall, and 
even blocking specific IP sites. 

If a user has illegal or malicious software 
on her computer, remove it immediately. 
Unauthorized business software for which 
the user, but not the company, has a license 
(or if it's a free, no-license download), 
should be dealt with on a case-by-case basis. 
"The organization management should 
assess its disposition and contact the 
employee," Scavo says. "It depends on the 
nature of the application and perceived busi- 
ness relevance and risk. It could be some- 
thing the employer wants to adopt. If so, 
the application should be placed on the 



approved application list under the control of 
the IT department and installed through IT." 

Whitelists offer another approach to the 
problem of unauthorized items on users' 
computers. "Whitelists are preventive in 
nature," Ogren says. "Instead of trying to 
respond to attacks, it's a way to keep 
changes from happening on a computer. 
Because changes must happen for mali- 
cious code to work, any unauthorized 
changes are locked out." 

Whitelists, which run in the operating sys- 
tem, only allow authorized programs to exe- 
cute. They operate in one of two ways. The 
first method is based on the concept of trust- 
ed software suppliers, Ogren says. "IT says 
you can trust this company or that company, 
but if you try to install software from some 
unknown company, the whitelist won't let 
you. If the user needs it, he or she can let IT 
know, and they'll evaluate it and decide." 

In the second method, IT creates a list 
of specific authorized software in the 
whitelist. Then the whitelist looks over 
anything before it's allowed to run, Ogren 
says. "It's checking to see if the disk image 
of the software has been modified. If so, 
the whitelist software assumes the modifi- 
cation is malicious and won't let it run." 

You can use either method, but Ogren 
says, "If you're over-zealous about listing 
specific pieces of software, you'll spend a 
lot of time maintaining the list." 

Need To Prevent 

If management and IT act without con- 
sidering employees, resentment will flour- 
ish and staff will surely look for ways to 
circumvent security measures. 

"Social media has given employees, 
especially younger ones, the idea that they 
can use any technology they want on the 
job," Scavo says. "They think it's right. It's 
a culture shock to get into a corporate envi- 
ronment [where that attitude] doesn't 
reflect the real need of the enterprise to 
control what's running on its computers." 

It's therefore essential to have an accept- 
able-use policy that states not only what 
applications may be used on a work computer 
but also why. Don't hide the policy away in a 
filing cabinet. Use it as the basis for a compa- 
ny-wide education program for employees. 
Explain the risks and liabilities of unautho- 
rized and illegal software; teU employees how 
their computers can pick up infections even 
on legitimate Web sites. Provide a process 
whereby unauthorized, but useful, business 
applications can be officially approved, 
licensed, and installed by IT — preferably by 
having employees contact IT before down- 
loading and installing the software. 

Most of the unauthorized, even illegal, 
programs users have on their desktops 
aren't there out of maliciousness. They're 
there because of ignorance. Attack that, and 
you'll likely find the problem becomes 
much more manageable. .M 



Major Internal IT Security Threats 

Unauthorized programs on users' computers are just one aspect of internal IT threats for companies. 
From a global survey of 100 IT executives, security, and risk management professionals conducted by 
Computer Economics in 2009, here are the top five internal threats to an organization: 



Threat 


Respondents Who Selected It As A Top Threat 


Portable storage misuse 


57% 


Downloading unauthorized software 


56% 


Unauthorized P2P network use 


54% 


Unauthorized remote access programs 


53% 


Rogue Wi-Fi access points 


48% 
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DATA CENTER MANAGEMENT 



Mapping The IT Capability 
Maturity Framework 



Help Your Business Get The Most From IT Investments 



by Christian Perry 
• • ■ 

For experienced IT professionals, the 
management of complex environments often 
boils down to a science that draws upon the- 
ories and processes designed to boost effi- 
ciency and effectiveness. An increasingly 
popular example that ties IT to the goals and 
strategies of the business is the IT-CMF (IT 
Capability Maturity Framework), which can 
go a long way toward extracting value from 
IT investments. 

"The biggest benefit that [IT-CMF] can 
provide in terms of IT investment is giving 
the organization a means for evaluating 
themselves and identifying opportunities for 
improvement," says Kenneth Gonzalez, 
managing partner at Engaged Consulting 
(www.engagedconsulting.com). "In other 
words, it gives you the basic building blocks 
for an effective self-assessment that can help 
you improve how you do business." 

Although the IT-CMF can create a 
roadmap that helps businesses navigate 
their IT investments, Gonzalez notes that 
improvement efforts — whether they use 
this framework or not — that don't result in 
outcomes that make a tangible difference to 
customers will likely be considered unsuc- 
cessful or an otherwise waste of resources. 
As such, it's critical for businesses to have 
a thorough understanding of IT-CMF 
before jumping into its intricate structure. 

Getting The 
Framework In Gear 

Organizations interested in implementing tine 
il Capabiiity iVlaturity Framewori< might be 
initiaiiy overwtieimed by ttie stieer expanse 
of its principles, but Kenneth Gonzalez, 
managing partner at Engaged Consulting 
(www.engagedconsulting.com), offers the 
following tips to help get started. 

• Start with the source material. Many orga- 
nizations have taken the basic concepts and 
added their own spin to the framework on 
numerous functional areas within IT. Utilize 
the framework, but keep in mind that there 
is some interpretation involved with how you 
use it to meet your needs. 

• A higher maturity level isn't neces- 
sarily the goal. Focus on specific areas. 
Improvement that is sustainable will work 
on reasonably sized chunks. 

• Manage customer expectations. Your 
customer doesn't really care about your 
maturity level/rating — you do. 

• Don't stop at the first self-assessment. 

Schedule regular self-assessments and 
compare the results with previous ones. 
Use the analysis to see if your actions were 
effective or not. Work with it for at least 
three cycles before you decide to change it. 

• Aim for both quantitative and qualitative 
measures. Connecting the spirit of the 
framework with actual results that get pro- 
duced is probably one of the most impor- 
tant things an organization can do. 



Breaking It Down 

Created by Intel and currently overseen by 
IVI (Innovation Value Institute), the IT-CMF 
is designed to both measure and extract value 
from IT investments, a process that's typical- 
ly considered a huge challenge by CIOs. The 
framework relies on four primary strategies: 
managing IT like a business, managing the 
IT budget, managing IT for business value, 
and managing the IT capability. These macro 
processes are broken down in 36 processes 
that cover all activities found in typical IT 
departments, and these processes are used to 
gauge the maturity of an IT organization. 
This maturity assessment places the IT orga- 
nization into one of five levels: initial (or no 
processes), basic, intermediate, advanced, 
and optimizing. 

"Once the organization knows their current 
level of maturity, they can use the framework 
to understand what it will take to move to the 
next level," says Rich Kazimir, owner of 
CMIT Solutions of Hunterdon/Somerset, 
N.J. (www.cmitsolutions.com/huntsomernj). 
"A plan can be developed to progress, for 
example, from basic to intermediate. I would 
advise that an organization start out by learn- 
ing about the IT Capability Maturity 
Framework and defining a set of goals. Be 
sure to choose a reasonable set of goals. 
Don't try to make too many improvements 
too quickly." 

The maturity stages can provide clear 
insight into crucial relationships between 
business and IT. According to Mike Meikle, 
CEO of Hawkthorne Group, businesses can 
use the model to more easily understand 
their IT spending and learn how to leverage 
existing assets and funds to further business 
goals. The maturity process also can reveal 
where IT dollars are being funneled and if 
those investments truly align with the strate- 
gic direction of the business, he says. 

"First, make sure your organization has a 
strategic planning process in place. If the 
business is currently without a strategic 
planning process, this is where to begin. 
Second, upon reviewing your strategic plan, 
look at your short- and long-term business 
objectives — these will be the drivers for 
your information technology investments. 
Third, preparing the company culture is 
very critical to the implementation process. 
If IT-CMF is sprung upon the staff without 
a careful marketing campaign, you will 
receive tremendous pushback. It will be 
viewed as another layer of bureaucratic red 
tape instead of a tool that can guide busi- 
ness and IT decision-making," Meikle says. 

If you decide to move forward with the IT- 
CMF, it's advisable to assess your organiza- 
tion to determine your current state and estab- 
lish a baseline, says Phara McLachlan, CEO 
of Animus Solutions (www.animussolutions 
.com). She recommends using a heat map, or 
a simple graphical representation of the con- 
dition of processes and procedures within an 
organization. For example, gray could indi- 
cate that additional discovery is needed; red 
could indicate that process and documenta- 
tion are nonexistent and/or process introduces 
substantial legal or financial risk; yellow 
could indicate that process/practice and 



Key Points 



• IT-CIVIF (IT Capability Maturity Frame- 
work) focuses on four strategies and 36 

IT processes to develop a maturity assess- 
ment that helps businesses extract value 
from IT investments. 

• Choose a reasonable set of maturity- 
related goals and be sure not to make too 
many improvements too quickly. 

• Although the entire framework can be a 
valuable tool, organizations can choose 
only specific elements to help improve 
their processes. 



documentation exist but aren't uniformly 
practiced; and green could indicate that 
process and practice may be improved but 
don't substantially violate best practices. 

Pick & Choose 

Without question, the IT-CMF can be a 
complex, time-consuming process for busi- 
nesses committed to working through the 



framework. However, it's possible to 
implement only some principles from the 
framework if you don't have the commit- 
ment or resources to go the distance with 
the entire methodology. Meikle notes that 
many companies seem to pursue an all-or- 
nothing approach to methodologies and 
process, which can lead to a poor fit for the 
business, an unsatisfied staff, and an even- 
tual implementation failure. 

"An organization must weigh the impact 
of the implementation of the IT-CMF princi- 
ples with the maturity of the organization. 
Are departments and staff used to [oversee- 
ing] their budgetary spending to the degree 
which IT-CMF dictates? Is strategic planning 
a process which your company currently 
embraces? Do you have information technol- 
ogy professionals who have the necessary 
business skills to communicate effectively 
with the organization? Has the business ever 
worked closely with information technology? 
These are some of the questions that need to 
be answered before they decide on what prin- 
ciples they will employ." 

Gonzalez adds that the framework is only 
one of many tools available to help 
improve processes. Although it's an effec- 
tive tool, it won't do everything, he says, so 
it's important to understand how and why 
you're using it, including how it fits with 
your larger goals, your major programs, 
and your continuous improvement objec- 
tives. Further, he notes that because any 
self-assessment runs the risk of being 
harsh, it's worth considering using some- 
one outside of the organization who has 
domain-specific expertise to examine your 
framework and help determine whether it 
delivers a "fair and balanced" view. Q 
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I Dell Takes Top Spot 
In India PC Sales 

IDC India reports that Dell is now the top PC 
maker in India after it surpassed HP in the 
second quarter. HP, which has been No. 1 in 
the market since 2005, held 14.3% of the 
market, while Dell grabbed 15.2% of the mar- 
ket. Acer was third with 1 1 .5%. Dell was 
helped by strong numbers across all market 
segments, and HP may have struggled 
because of its shift in distribution practices. 
According to the report, overall PC sales in 
India increased by 24% between the second 
quarter of last year and this year, while note- 
book sales increased by 61% during the 
same time frame. 

I Three 
Sentenced 
In Billing Scam 

The U.S. Department of 
Justice announced that three 
people are going to prison for their 
roles in an international fraud and 
money laundering scheme. 
The trio was able to divert 
$3,379 million from West 
Virginia, Kansas, Ohio, 
and the Commonwealth of 
Massachusetts as part of their 
plan to obtain payments to IT and consulting 
services vendors, including Deloitte 
Consulting, Unisys, Accenture, and EDS. 
Robert M. Otiso of Elk River, Minn., 
Paramena J. Shikanda of Minneapolis, and 
Collins K. Masese of St. Paul, Minn., are all 
Kenyan nationals. 

I Top Security Technologies Identified 

A recent study conducted by the Ponemon 
Institute uncovered the security technologies 
that deliver the most cost-effective protection. 
The study, based on a survey of 488 UK- 
based IT security practitioners, reported that 
antivirus and anti-malware, followed by end- 
point security solutions, Web application fire- 
walls, and policy enforcement tools, were the 
top choices. The study also found that 
regarding mitigation, the biggest security 
threat facing organizations is the loss, theft, 
or removal of sensitive information, and orga- 
nizations are lacking cost-efficient security 
technologies as security and data protection 
are typically under-funded and under-staffed. 

I Health & Human Services To 
Allocate Funds For Rural Health Care 

The U.S. Department of Health and Human 
Services will be dedicating more than $32 
million of its 
budget for fis- 
cal year 2010 
to improving 
health care in 
remote, 
rural, or oth- 
erwise 




underserved 
areas. A $4 million 
slice of the pie will go 
to funding rural telehealth programs, which 
deliver healthcare information and services 
via telecommunications. Specifically, about 
$1 million will go to the Flex Rural Veterans 
Health Access program, which is designed to 
offer telehealth services to areas with high 
populations of veterans; about $1 million will 
go to the Telehealth Resources Center Grant 
Program for providing technical assistance 
for telehealth programs; and about $2 million 
will go to the Telehealth Network Grant 
Program, which helps communities build sus- 
tainable telehealth networks. 



DATA CENTER MANAGEMENT 



HOW TO 



Minimize The Chances 
For Human Error In The 
Data Center 



To Err Is Human; To Work Sharper, Divine 



by Brian Hodge 

Studies repeatedly show that the top 
cause of data loss and downtime is human 
error. This will never change. Human 
beings aren't machine-tooled for preci- 
sion, and the greater the pressure and the 
longer we work without stopping, the 
more susceptible we are to unpredictabili- 
ty and failure. 

Still, data center goof-ups can be made 
fewer and farther between with mindful 
attention to policy, design, precautions, 
and communication. 

Restricted Access 

Reducing human error begins with lim- 
iting the number of people who access the 
data center in the first place. In almost any 
enterprise, only a small fraction of its staff 
ever needs to be there. The rest can be 
kept out by equipping the DC doors 
with keycard or punch-code locks or us- 
ing badge-reliant security, even though 
it's rarely about stopping someone 
with malice. 

"Damage can be done by people with 
good intentions who think they know more 
than they really do," says Mic Jones, senior 
systems administrator for a national public 
sector client. "Don't hand anybody more 
access than they need to do their job." 

Mike Oliveri, technology coordinator at 
a K-12 Illinois school district, agrees. 
"People leaning on equipment or hitting 
the wrong buttons, or a careless custodian 
slinging a mop too close to a server rack, 
can be disastrous." 

If the DC isn't the exclusive turf of your 
enterprise, then access should be restricted 
on the component level. 

"Most servers come with locks on their 
chassis, or some server racks come with 
locking doors. In a shared data center or 
[colocation center], all cables, wiring, and 
equipment should be locked up and 
accessible only by the given customer," 
Oliveri says. 

Access By Non-IT Staff 

On the other hand, most data centers 
will still be visited by non-IT staff — 
regularly by janitorial staff and on occa- 
sion by electricians and other technicians. 
These workers must be briefed on the 
environment they're about to enter. 

"Signs are not enough. There should be 
meetings or training so janitors know what 
they can or can't touch," Oliveri says. "I 
know a guy who had a lot of server errors 
and reboots in the logs on some of his 
equipment. He stayed late one night to fig- 
ure it out and happened to see a custodian 
come in and unplug the UPS on a server 
rack so he could plug in a floor buffer." 

Electricians, carpenters, and similar 
workers should review schematics and 
other diagrams of the areas they'll be 
working in, so they don't, for example, cut 



into a vital line. If they're covering equip- 
ment to protect it, they should be apprised 
of how much airflow components require. 

Design & Environment I 

Much like childproofing a home can 
reduce accidents, attention to facility 
design and placement can prevent mishaps 
by eliminating or circumventing their con- 
tributing factors. 

For instance, controls for temperature 
and humidity should be inaccessible to 
everyone who has no business setting 
them. Also, any button that could be disas- 
trous if accidentally activated, such as an 
emergency power off, shouldn't be a push- 
in type, but pull-out. 

Even though a lot of DC work is done 
remotely, physical access is sometimes 
necessary. "On the occasion when you 
need to go into the server room or to a 
rack ... It needs to be labeled," Jones 
says. Clearly visible labels that confirm 
you're where you need to be are a simple 
way of heading off big blunders. 

Physical safeguards can also play a role. 
In a busy environment, vulnerable racks 
may benefit from railings or bumpers that 
protect them from being rammed by 
chairs, carts, etc. 

Tlie Perils Of Routine ' 

Paradoxically, routine operations can 
open the door the widest to error. With 
mundane tasks, we're often prone to going 
on autopilot or forgetting when we last 
did them. 

"Not following procedure in routine or 
repetitive jobs can be common," says 
Oliveri. "For example, forgetting to swap 
backup tapes in a drive or vault or not 
checking the tapes for errors. Perhaps even 
swapping in the wrong tapes." 

This can even extend to monitoring sys- 
tems designed to alert you to problems. 
"Sometimes a lack of numbers is harder to 
catch than the wrong numbers," Jones 
says. "Everybody's trained to look for the 
wrong output, but when the output stops, 
or something changes, it doesn't show up 
in a way that they're trained to expect." I 

Any kind of reminder system that helps 
direct someone's focus to the task at hand 
is bound to help. | 

Stress Reduction 

Mistakes are likely to compound when 
people are feeling pressure to make some- 
thing happen yesterday. Oliveri recom- 
mends insulating IT staff from fellow 
employees or customers whenever the 
heat of a service outage is on. Fielding 
complaints can only slow getting the situa- 
tion resolved. 

That goes for inside the data center, too. 
Mid-crisis is no time for heavy-handed 
discipline, yet for some supervisors that's 
still the first impulse. "I've seen a lot of 
energy expended on punitive blame being 



Key Points 



Reducing human error begins with limiting 
the number of human beings who access 
the data center in the first place. 
Careful design and placement of key con- 
trols can prevent mishaps by eliminating 
or circumventing their contributing factors. 
High stress and mundane routine can 
both cause errors by knocking people out 
of a calm, focused mindset. 



placed on individuals before the problem 
is resolved," says Jones. 

It really pays to prioritize soft skills 
here — simply focusing on the resolution 
and whatever can be done to prevent the 
problem from recurring. 

Learn From Ttie Past 

It's been noted that IT rarely publishes 
or speaks publicly about specific mishaps, 
possibly out of fear that this could under- 
mine confidence in a company for its pre- 
sent and potential clients. This stance is in 
stark contrast to the aviation industry, to 
name one example, which uses investiga- 
tive transparency in its efforts to make air 
travel ever safer. 

Even if you don't go public about your 
own company's incidents, it can still be of 
great benefit to chronicle them in-house — 
for instance, using them as case studies in 
training documentation or as part of a 
searchable knowledge base. 

The old saying still holds true: Those 
who don't learn from the past are doomed 
to repeat it. lii 



TOP TIPS 



Although people aren't machine-precise, IT 
work often calls for that level of accuracy. "A 
typo can mess up your whole morning," 
says Mic Jones, senior systems administra- 
tor for a national public sector client. Here 
are a few ways to hit the bull's-eye. 

• For all but the simplest tasks, prepare a 
step-by-step script or checklist. 

• When working from a checklist, work as a 
team, with one person giving the next 
step and providing oversight while the 
other person focuses on one task at a 
time. Even conferring over the phone is 
better than flying solo. 

• When typing keyboard commands, don't 
keep your finger poised over the ENTER 
button. Take your hands away and dou- 
ble-check that if s typo-free, that you're in 
the right SSH window, in the right directo- 
ry, etc. 

• Physical or mental fatigue can wreak 
havoc during prolonged or repetitive 
tasks. Take a break whenever you sense 
you need one, or at the first sign of even 
a minor slip-up. 
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SIX QUICK TIPS 



Boost Your 
IT Skills 

Enhance Ability & IVIarketability 



by Sixto Ortiz Jr. 

A RECENT SURVEY OF 606 DEVELOPERS, 

architects, and analysts conducted by 
Embarcadero Technologies found that 
more than 60% of developers wished they 
had more time to hone skills and profes- 
sionally develop. In spite of time and bud- 
get pressures, it is critical that personnel 
find the time to learn, because information 
technology changes at a breakneck pace. 
Those who fail to boost their IT skills run 
the risk of quickly becoming professional- 
ly irrelevant. In this tough economy, that 
is a prescription for career disaster. 
Thankfully, IT professionals can take 
numerous steps to boost their skills in a 
cost-effective manner. 

Understand Project 
& Portfolio Management 

Some of the critical skills IT personnel 
should master in order to enhance their 
business acumen include formal project 
and program management and busi- 
ness analysis, says Nancy Nee, executive 
director for project management and busi- 
ness analysis programs at ESI Inter- 
national (www.esi-intl.com). 

For example. Nee says, courses 
focused on IT portfolio management help 
administrators learn how to align their 
projects with an organization's strategic 
objectives by bringing structure and man- 
agement to the IT projects they are work- 
ing on for the business. Understanding IT 
portfolio management principles helps 
administrators evaluate project proposals 
and business cases by ensuring they align 
with organizational goals and objectives, 
she says. 

IT personnel should learn best prac- 
tices; this knowledge can go a long way 
toward helping projects get the green 
light from the business. Nee says. 
However, the skill of creating business 
cases, she adds, is often lacking and leads 
to unrealistic expectations. Having the 
proper business analysis skills to identify 
the efficiencies and financial benefits in a 
business case allows decision makers to 
better manage the organizational invest- 
ments on projects. 

Don't Neglect The "Soft Skills" 

Dave Hatter, owner of custom software 
development company Libertas Tech-nolo- 
gies (www.libertastechnologies.com), says 
that although certifications and continuing 
education are important, soft skills and 
business knowledge are just as important, 
if not more so. As business and technology 



BONUS TIPS 



■ Visit online forums. 

Another way to pick up learn- 
ing is to seel< out blogs, 
knowledge sites, forums, and 
discussion and Twitter groups 
that allow you to post ques- 
tions and receive responses, 



says Annette Dow, CEO of 
Binary Research International 
(www.binaryresearch.net). 

■ Advertise your qualifica- 
tions. Posting certification 
credentials on email signature 



lines or on business cards 
allows IT personnel to quick- 
ly communicate specific 
achievements to others, says 
Josh Stephens, vice president 
of technology at SolarWinds 
(www.solanwinds.com). 



continue to merge, he says, the ability to 
bridge the chasm between business and 
technology will grow in importance. 

Nee says IT personnel should seek out 
general business skills such as effective 
communication, financial literacy, and 
strong coaching skills to become more 
effective at their jobs and save their 
organizations time and money. Nee 
points to the fact that surveys of skill 
gaps for IT people at all levels often 
reveal the need for a stronger busi- 
ness mindset. 

"Most IT folks live in the world of IT 
and rarely venture out of that cocoon," she 
says. But, to be successful at delivering IT 
projects, a business mindset is critical. The 
key is to be aware of how the business 
side functions. This knowledge can be 
obtained simply by asking questions. Nee 
says. For example, IT personnel working 
on projects should find out how a project 
helps the business improve or how it 
impacts business processes. 

Beyond asking questions as projects 
develop, IT personnel should seek out 
training and/or development on under- 
standing how the business works and 
how IT provides support, she adds. This 
knowledge adds tremendous value to 
IT project outputs, enhances project 
quality, and improves the business along 
the way. 

The Ins & Outs Of Certifications 

Certifications are a great way to obtain 
new skills while enhancing professional 
credentials. Obtaining certifications, says 
Josh Stephens, vice president of technolo- 
gy at SolarWinds (www.solarwinds.com), 
is a way for IT professionals to showcase 
transferable skills while honing and vali- 
dating skills related to IT job duties. 

But, given the number of certifications, 
it is important to choose the correct ones. 
Decision makers looking for certifications 
and education to promote within their 
organizations should not only look at 
the popularity of the name but also at 
the content of the course itself, says 
Christopher Hadnagy, operations manager 
of Offensive Security (www. offensive 
-security.com). Criteria to look at include 
the level of hands-on work provided by 
the course, as well as its relevance to 
technology "in the real world." A good I 
training program, Hadnagy says, should 
leave the student with new skills and 
experience in using those skills, not just 
theory or book knowledge. 

IT personnel should also be wary of 
vendor-specific certifications. Joseph 



Schumacher, IT auditor and owner of 
1026 North (www.1026north.com), says 
many colleagues have sought vendor- 
specific certifications only to find 
them useless when companies switch 
platforms. 

Look For Unique Ways 
To Save Training Dollars 

Kent Malwitz, vice president at UMBC 
Training Centers (www.umbc.edu/train 
ctr/), says IT personnel should find a good 
guide to help them enhance their IT skills. 
However, he warns, personnel seeking a 
guide must ensure the individual under- 
stands how and why things work and is a 
patient teacher. Even though there are 
many people who are technically profi- 
cient, he says, the combination of strong 



Best Tip: 

Play Around 

Kent Malwitz, vice president at UMBC 
Training Centers (www.umbc.edu/trainctr/), 
says there is no better way to learn technolo- 
gy than to play with it. Advances in virtualiza- 
tion enable the development of "sandboxes" 
that allow trainees to work with various tech- 
nologies, operating systems, and software in 
a real but safe environment. After all, adds 
Malwitz, sometimes it's instructive for a train- 
ee to break something so they can deter- 
mine how it is constructed. Virtual machines 
allow this type of learning to take place with 
no risk. 

Most Cost-Efficient Tip: 

Join A Network 

Those interested in picking up a new techni- 
cal skill set should find and connect with oth- 
ers seeking the same by joining a network, 
Malwitz says. This way, a group of people 
can learn together, ask questions, and teach 
each other. Learning a technology and then 
teaching someone else is a very effective 
learning method, he says. 



technical skills and effective teaching 
skills is harder to find. 

Many large corporations are known for 
cutting IT budgets first, and training is 
often the first item to get cut, says Iman 
Jalali, director of sales and marketing at 
Train Signal (www.trainsignal.com). 
Typically companies spend anywhere 
from $5,000 to $10,000 on training per 
employee. So, alternative methods such as 
training software become very valuable. 
In fact, Jalali says. Train Signal has 
noticed a substantial increase in personnel 
who are looking for alternatives to class- 
room training. 

Personnel should also look to their part- 
ners for free training and educational work- 
shops, says Buck Jones, Director of ESS at 
Mobius Partners (www.mobiuspartners 
.com). Many service providers, such as 
VARs and system integrators, regularly 
host or sponsor training, providing free cer- 
tifications for customers and even pros- 
pects, Jones says. Personnel should ask 
what courses are on the horizon and recom- 
mend the kind of training they need; often, 
he says, suppliers of services or products 
can work with their partners to determine 
ways to provide specific training. Also, 
"lunch and learns" and educational sympo- 
siums are ways for IT personnel to inter- 
act with peers, ask lots of questions, and 
learn about new technologies with minimal 
time investments. 




I Malaysian Company Sues Apple, 
Google, Others 

StreetSpace, a Malaysian maker of Internet 
kiosks, has filed suit against Google, Apple, 
NAVTEQ, and as many as 20 unnamed 
defendants claiming that the companies' 
mobile ad technologies are in violation of 
StreetSpace's U.S. patent covering a "Method 
and System for Providing Personalized On- 
line Services and Advertisements in Public 
Places." StreetSpace, a subsidiary of Em- 
bedded Wireless Labs, claims that it owns 
the exclusive right to deliver personalized ads 
in public places. 

I Power, Heat Concerns Driving 
Integrated Graphics Market 

iSuppli estimates that, by 2014, four out of 
five laptops will feature integrated graphics. 
Currently integrated graphics are found in 
39% of laptops. The research group expects 
the increased use of integrated chips to be 
driven by vendors that are moving toward 
portable designs where the laptop uses less 
power and generates less heat. iSuppli also 
indicates that the downturn in the economy 
has raised the market for integrated graph- 
ics, because they are traditionally less 
expensive than the discrete graphics cards. 
Intel has also benefited from the change, 
because its Core I Series processor features 
a graphics processor architecture built into 
the chip. 

I IT Willing To Buy Own Tech Tools 

If they had the freedom to choose what tech- 
nology they use, almost a third of IT employ- 
ees would pay the entire cost of the tool, 
while 21% would pay up to half the cost. 
According to the Unisys study, another 21% 
indicate that they would be willing to invest 
30% of the cost. Only 26% say they wouldn't 
pay any amount for their technology. A 
recent IDC study sponsored by Unisys also 
found that 95% of the 2,820 IT workers it sur- 
veyed say they use at least one device for 
work that they purchased themselves. 
Unisys says the results indicate a blurring of 
lines between using technology for personal 
and work purposes. 




I Security Tensions Between Public, 
Private Sectors On The Rise 

A recent report from the GAO (Government 
Accountability Office) notes tensions 
between the public and private sectors, as 
the two sides attempt to work together to 
meet cybersecurity threats. Both sides 
object to the other's alleged failure to share 
information related to protecting critical infra- 
structure against attacks. While the private 
sector complains that government is not 
doing enough to provide information that 
could be used to help infrastructure owners 
prepare, the government maintains that pri- 
vate companies are hesitant to share what 
might be perceived as proprietary informa- 
tion for fear of public disclosure and a resul- 
tant loss of market share. 
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The Price 
Of Downtime 

Measuring The Loss Of Opportunity 



by Jean Thilmany 

Nearly any amount of downtime is a 
problem, but just iiow much of a problem is 
it? Understanding the impact of unplanned 
outages, particularly when it comes to the 
loss of opportunity for your data center and 
your enterprise as a whole, can be relative- 
ly straightforward — or complex, depending 
on the nature of your enterprise, says 
William Malik, research director for IT 
operations and infrastructure at Gartner. 
Enterprises that understand how to estimate 
the cost of an outage determine just how 
much money and time to allocate to disas- 
ter recovery applications and efforts. 
Enterprises can also determine these down- 
time costs in order to plan downtime. 

An enterprise for which a short amount 
of unplanned downtime will be of relative- 
ly little consequence would look at disaster 
recovery differently than an enterprise 
completely dependent on computers and 
servers for its revenue, Malik says. 



Key Points 



• Though a method to determine how much 
an hour of unplanned downtime costs does 
exist, you will still need to quantify results 
in regard to your own enterprise. 

• Knowing how much an hour of downtime 
will cost your enterprise helps when plan- 
ning for disaster recovery efforts and for 
planned outages. 

• Your own downtime affects more than just 
your enterprise; supply chain partners and 
customers can be affected, as well. 



"The way to determine downtime cost is 
to say 'how much revenue does the compa- 
ny generate in a given period,' then assume 
that because systems are down, you can't 
generate any revenue during that time peri- 
od," Malik says. So, for a conventional 
brick-and-mortar business, estimating the 
cost of an outage is comparatively simple. 



For an enterprise that conducts business 40 
hours per week, or — with holidays, vaca- 
tions, and weekends — 2,000 hours per year, 
first distribute the firm' s revenue uniformly 
across those 2,000 hours. 

In other words, if the firm makes $100 
million per year, then an average hour 
would represent $50,000 of revenue. A 
one-hour outage would cost that firm 
$50,000, Malik says. 

Flexible Formula 

The problem with this formula is that not 
all of those 2,000 hours of operation are cre- 
ated equal, he adds. "If you're Walmart or a 
JCPenney, the two and three weeks prior to 
Christmas day are 40% of your revenues," 
Malik adds. "So if you're down for a day, 
then it's the difference between being prof- 
itable or not, whereas if you're down for a 
day in late June, it makes little difference." 

Other considerations also come into play. 
For some enterprises, a brief interruption 
may be of little consequence, while a sub- 
stantial outage could jeopardize the firm's 
financial viability. 

An hour of downtime at an enterprise 
that deals exclusively with online cus- 
tomers will differ significantly, for exam- 
ple, in terms of revenue lost, from that of a 
community college. But that community 
college would also see disruption if the out- 
age continued, and data center managers 
there need to plan accordingly, Malik says. 

The method of dividing revenue over 
hours of operation only works for relatively 
short-duration outages, he says. So while 
one hour out of 2,000 may represent one- 
twentieth of one percent of annual revenue, 
a five-day outage may have substantially 
more impact than 2% of revenue. 

"Rather than develop a second sliding 
scale of the cost of an impact, it might be 
more useful to define a preliminary recov- 
ery time objective and recovery point 
objective based on a high-level business 
impact analysis and affirm that if the busi- 
ness is out for a week — or whatever the rel- 
evant time period might be — then it may 
not recover at all," Malik says. Those num- 
bers will help determine and to schedule 
disaster recovery methods and applications. 

Planned Downtime 

Measuring downtime costs in order 
to plan downtime works a bit different- 
ly, says Henry Martinez, senior vice 
president of engineering at Vision Solu- 
tions (www.visionsolutions.com), which 

Power Running 

Data centers can go down thanks to extreme 
weather, computer viruses, software or hard- 
ware problems, or human error, says Herve 
Tardy, vice president and general manager 
at power management provider Eaton's 
Distributed Power Quality Division (www 
.eaton.com). Often, however, electrical prob- 
lems, including power surges, brownouts, line 



provides disaster recovery and systems 
management options. 

For this, data center managers will need 
to map all data center use by all enterprise 
operations — from human resources to man- 
ufacturing — to determine times of peak use 
by each department, Martinez says. 

"By looking at operations in the business, 
you'll usually find the gaps where not 
much or nothing is happening and it's OK 
for you to do planned downtime with low 
or no impact," he says. 

Again, the results will differ depending 
on the type of enterprise. A manufac- 
turer might run only one shift, meaning 
downtime can happen at night, he says. 
Enterprises that rely on ecommerce transac- 
tions are, of course, a different story. "But 
if they're doing regional ecommerce busi- 
ness, even those servers can have planned 
downtime because very few people are mak- 
ing transactions late at night," Martinez says. 

Enterprises that operate as part of a sup- 
ply chain or those in distribution or logis- 
tics will need to determine how planned 
downtime will affect other members in the 
supply chain. 

Looking Out 

Many enterprises overlook the role their 
own downtime — whether planned or 
unplanned — will have for other enterprises. 
"You have to look outside your company, 
because it's just one link in a long supply 
chain," Martinez says. "You've got to look 
at what it will cost you if you happen to be 
the weakest link in this supply chain. 

"You have to 
practice what 
you'll do in case 
of downtime." 

- Vision Solutions' Henry Martinez 

"This is harder to quantify," he adds. "If 
everyone else is running just fine but your 
little piece is the one that breaks, everyone 
else will be mad at you. [It's] easy to dis- 
cuss and paint the brush strokes of what 
your liabilities might be and what goodwill 
might damage, but to come up with a dollar 
value is difficult." Still, it's best to take into 
account that outages and resultant down- 
time may result in a black eye for your 
enterprise, and lost customers and future 
revenue, Martinez says. 

One final recommendation from Mar- 
tinez: practice. "It's like a fire drill," Mar- 
tinez says. "You have to practice what 
you'll do in case of downtime." He gives 
the example of one enterprise that — when 
the power went down — lost key-card 
access to the data center. No one could get 
in to reset servers. "You have to test every- 
thing," Martinez says. "Who would think a 
$200 security system on the data center 
door might keep you from switching over 
to your fail-over center?" „ 



noise, high voltage, frequency variation, switch- 
ing transients and harmonic distortion, are 
behind these events. A power interruption might 
trip up the software, for example. These inter- 
ruptions can be mitigated by incorporating ener- 
gy-efficient uninterruptible power systems and 
power management software into the data cen- 
ter. Tardy says. 



What are 

PROCESSOR & 

PROCESSCK .G(M 

all about? 



ard, easy-to-read 



1 0-' 



ice 



and tips to help you do your job 



0*- 

,^o.--- f"-"-" ''^"■P-"^"' -manufacturers and resellers yOU Can 



in-depth infoi-j 



.sec. and refurbished eq,p^^^^ 



and simpler to use than 



lers that can serving 



today's 



■'Nation 



Or 





Or, 



balers 



PROCESSOR. 

It's all about products, news, and 
information data center professionals can trust. 



September 10, 2010 



Processor.com 



Page 45 



DATA CENTER MANAGEMENT 



BOOK REVIEW 




Social Software 
Strategies 



LEADERSHIP Open Leadership: How Social Technology 
Can Transform The Way You Lead 

Author: Charlene Li 
Price: $27.95 

Format: Hardcover, 336 pages 



by Kurt Marko 

Social software has evolved into a 
mainstream media platform for everyone 
from professionals seeking to expand their 
contact network to companies hyping their 
latest product. Several years ago, some IT 
consultants warned executives that social 
technology was no passing fad, but rather a 
fundamental communications revolution that 
enterprises ignored at their peril. 

One of the early and notable champions 
was Charlene Li in her 2008 book "Ground- 
swell" (co-authored with Josh Bernoff). 
Largely a primer on social technologies and 
other Web 2.0 applications for managers not 
conversant in the latest Internet buzz, 
"Groundswell" focuses on strategy, not tac- 
tics. It left unanswered many questions man- 
agers faced as they sought to integrate social 
technologies into their product plans, com- 
munication processes, and management prac- 
tices — gaps filled in Li's sequel, "Open 
Leadership: How Social Technology Can 
Transform The Way You Lead." 



Redefining & Flattening 

"Open Leadership" opens with more of a 
conceptual section outlining how new 
social communication technologies are 
redefining and flattening the traditional 
organizational hierarchy of executives, 
supervisors, and workers by creating more 
open flows of information. Li examines 
what it means to be an "open" manager and 
some of the benefits and risks, wrapping up 
with a self-assessment questionnaire to 
assist readers in developing a personal and 
corporate openness profile. 

The book's core outlines concrete steps 
for creating an open strategy, identifying 
specific areas where it's most beneficial. 
Li includes chapters on methods for mea- 
suring the benefits of openness, guidelines 
for developing social technology policies 
and procedures, and a step-by-step imple- 
mentation roadmap for becoming an open 
leader. The book wraps up with a section 
on the ramifications of leading in an open 
environment, one in which employees and 



Key Concepts 

• As social, Web 2.0 technologies become 
ingrained in the enterprise, they are upsetting 
traditional hierarchical, top-down organiza- 
tional models and manager/employee rela- 
tionships. Effectively channeling these 
technologies can increase business agility, 
responsiveness, and efficiency, yet without 
rigorous planning and implementation, they 
can lead to organizational chaos. 

• These new relationships fostered by social 
technology force executives to rethink how 
they lead. This requires balancing open- 
ness to new ideas and suggestions with 
control, giving up the right amount in the 
right situations. 

• Open leadership requires a strategy for how 
open and transparent both individual man- 
agers and the company at large should be, 
and which areas or business processes will 
most benefit from more openness. 

customers are empowered to offer advice 
and make decisions. 

Li says the book "lays out what it means to 
be an open leader and details the characteris- 
tics, skills, and behaviors of effective open 
leaders," while explaining how management 
can identify, nurture, and mentor them. 

As a social technology visionary, Li 
believes in the transformative power of open- 
ness, both at the individual and organization- 
al level, adding that it's not just a superficial 
gesture but an "economic and marketplace 
necessity." Yet she acknowledges such 
changes often clash with existing corporate 
culture and require a degree of centralized 
authority and control to implement. 
Executives who aren't afraid to cede some 



Other New & 
Upcoming IT Titles 

"Empowered," by Josh Bernoff and Ted 
Schadler. Like this month's review, this is a 
"Groundswell" sequel that focuses on how 
social/collaborative software can be used to 
tap into the myriad skills and ideas within the 
enterprise to foster bottoms-up solutions, while 
outlining the management and IT structures 
necessary to exploit social software. 

"The Shallows," by Nicholas Carr. Carr 
turns his lens on the Internet, examining how it 
has radically changed the way people con- 
sume information, the concomitant physical 
affects this has on our brains, and resultant 
diminution of our ability to understand deep, 
reflective arguments. 

"The Design of Design," by Frederick P. 
Brooks. The legendary author of the seminal 
"Mythical Man Month" turns his attention to the 
conceptual process of design itself. In this set 
of essays. Brooks pinpoints the constants 
inherent to all design projects and uncovers 
processes and patterns most likely to lead to 
design excellence. 

"Controller-Based Wireless LAN Funda- 
mentals," by Jeff Smith, Jake Woodhams, 
and Robert Marg. This book provides a 
compendium of the information needed to 
design, configure, deploy, manage, and 
troubleshoot wireless networks, including 
network design best practices and many con- 
figuration examples. 

control to achieve broader corporate success 
will find a valuable guide in "Open 
Leadership" on the use of social technology 
to both be a more effective leader and recep- 
tive follower. □ 
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Cyber Switching began pioneering power distribution 
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other PDU on the market offers these unique features. 



Products Sold: 

• Intelligent power management 

• Value-added power management 

• Metered power distribution 

• Three-phase power distribution 



Energy management 
and control 
Switches 
Patch Panels 



(888)311-6277 I www.cyberswitctiing.com 



Physical Infrastructure 



IVIAIIMLIIME 

lcomputer products^, 



Mainline Computer Products has been in business since 
1986 and has one of the nation's largest selections of 
LAN furniture, command centers, and server cabinets. 
We can serve companies of all sizes, including education- 
al institutions and city, state, and federal government 
agencies. In addition to offering data center equipment, 
we can assist in the planning, design, construction, and 
design/build process. 



Products Sold: 

• Command consoles 

• Server cabinets 

• Computer room equipment 



• UPS and PDU systems 

• Access flooring 

• Technical furniture 



(800)686-5312 I www.mainlinecomputer.com 



Physical Infrastructure 



RACKMOUNr 

SOLUTIONS. Ltd 

■ where customer service matters^ 



Rackmount Solutions' mission is to listen to the IT engi- 
neer's specific needs and deliver superb-quality, high-per- 
formance products through continuous product innovation 
and operational excellence. We pride ourselves in provid- 
ing quality customer service, products that fit your IT 
requirements, and solid value for your money. 

Products Sold: 

• Wallmount and server racks and cabinets, including 
sound proof, air conditioned, and large cable bundle 

• Desktop/tabletop portable racks 

• Shockmount shipping cases 

• Bulk cable 



Physical Infrastructure 



AVTECH 



AVTECH Software, founded in 1988, is focused on making 
the monitoring and management of systems, servers, net- 
works, and data center environments easier. AVTECH pro- 
vides powerful, easy-to-use software and hardware that 
saves organizations time and money while improving opera- 
tional efficiency and preparedness. AVTECH products use 
advanced alerting technologies to communicate critical status 
information and can perform automatic corrective actions. 

Products Sold: 

A full range of products that monitor the IT and facilities 
environment, including temperature, humidity, power, 
flood, room entry, and UPS 



220-6700 I www.AVTECH.com 



Physical Infrastructure 



DAZA CEnZEH DEPOC 

A Gaw Associates, Inc. Company 

Data Center Depot prides itself on providing the best 
selection, pricing, and support for data center products. 
Our diversified product line can meet the specific needs of 
data center managers responsible for virtually any type of 
corporate setup. We are a major manufacturer and also 
distribute the product lines for top companies in the indus- 
try. Most of our products are available via our online store, 
but we encourage you to contact us so we can help you 
find the right products for your requirements and budget. 

Products Sold: 

• Data cabinets, racks, and accessories 

• LAN and NOC furniture • Cable ladders 

• Consoles and monitor walls • Patch panels 

• Power supplies • Storage furniture 



(877)429-7225 I www.DataCenterDepot.com 



Physical Infrastructure 



MOVINCOOL. 

THE #1 SPOT COOLING SOLUTION 



The MovinCool division of DENSO Sales California has 
pioneered the use of portable air conditioning solutions for 
a variety of North and South American markets since 1982. 
MovinCool works with a national network of distributors and 
suppliers to provide product sales, installation, and rental. 

Products Sold: 

• Office Pro Portable Air Conditioner Series for indoor 
environments such as server and telecom rooms 

• Classic & Classic Plus Portable Air Conditioner Series 
for moisture removal, outdoor and industrial spot-cooling 

• CM Series ceiling-mounted A/C for cooling sen/er 
rooms, telecom closets, or anywhere space is limited 



(800) 264-9573 I www.movincool.com 




Physical Infrastructure 



Server Technolosy 

Solutions lor the Data Centei [quipiriem Cabinei 



Server Technology is committed to the PDU market with the 
largest group of engineers dedicated to power distribution 
and other solutions within the equipment cabinet. Advance- 
ments in device power monitoring help data centers monitor 
and improve their efficiency and continuous research and 
development is fueled by companies that look to Server 
Technology for their custom cabinet power solutions. 

Products Sold: 

A complete line of cabinet PDUs, including Per Outlet 
Power Sensing (POPS), Rack Mount Fail-Safe Transfer 
Switch, Console Port access with remote power manage- 
ment. Switched, Smart, Metered, Basic, and -48 VDC 



Physical Infrastructure 




BayTech was founded in 1 976 and, since the 1 990s, has 
developed unique products for remote power management. 
The company uses printed circuit board instead of wires for a 
better, more resilient connection between the data center 
equipment and the receptacle. BayTech provides an exten- 
sive Web site with brochure downloads, warranty informa- 
tion, and reseller support and also offers evaluation units for 
data centers. 

Products Sold: 

• Power control, distribution, management, and metering 

• Power transfer switches 

• Console management and remote site management 



(800) 523-2702 I www.baytecti.net 



Physical Infrastructure 



herqo' 

TECHKICAL WORKSPACE^^^SOLUTIONS 



Based in New York City, Hergo Ergonomic Support 
Systems is an independent designer and manufacturer of 
enclosure cabinet solutions, technical computer furniture, 
and modular racking systems. The company's products 
are designed to promote organization in the workspace 
and to increase the productivity of computers, peripherals, 
and communications equipment. Hergo is known for its 
high-quality products and superior customer service. 



Products Sold: 

• Racks 

• Enclosures/cabinets 

• Motorized workstations 

• Flat-panel arms 



Computer desks 
Cable management 
Power management 



222-7270 I www.tiergo.com 



Physical Infrastructure 



PDUs 



direct 



Physical Infrastructure 



Established in 2008, PDUsDirect.com is an online whole- 
saler providing a select line of PDUs for sen/er and net- 
worked environments. PDUs Direct's basic, metered, and 
switched Rack PDUs provide local and remote power 
management, power monitoring, and environmental moni- 
toring. We pride ourselves in offering industrial-grade qual- 
ity products at the lowest prices, with the fastest shipping 
(most orders shipped within 24 hours) and simplest pur- 
chase process. 

Products Sold: 

A complete line of 20A PDUs, including metered, basic, 
and switched. 



751-7387 I pdusdirect.com 



PflSIMPLEX 

' ISOLATION SYSTEMS 



Since 1979, Simplex Isolation Systems has been setting 
new design standards in modular expandable cleanroom 
components, isolation curtains, hardware, and new product 
development. Fontana, Calif., -based Simplex's unique strip 
doors and mounting systems are designed for quick instal- 
lation. Simplex parts and materials perform with optimum 
efficiency, last longer, and save you money. And with 
Simplex, you are always backed by industry expertise, 
product knowledge, and the best warranties in the market. 



Products Sold: 

• Cleanrooms 

• Enclosures 



Strip doors 
Curtains 



(866) 207-6631 I www.racl(mountsolutions.net 



(800)835-1515 I www.servertech.com 



(877) 746-7540 I www.simplexisolationsystems.com 
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Servers 




NEC is a leader in products and services to meet ttie 
needs of today's enterprises. We supply government 
agencies and private companies with a wide range of 
products, including servers, storage equipment, software, 
and IP telephony systems. Our IT services can help your 
enterprises with systems integration, maintenance and 
support, and outsourcing. 

Products Sold: 

Servers, storage, communications, high-availability and 
disaster recovery software, and a range of services, 
including managed and professional IT services and busi- 
ness consulting. 



(800)338-9549 I www.nec.com 



Equipment Dealer 



Information 
Technology 
Trading 



At Information Technology Trading, our goal is to help you 
acquire the right hardware or software solution. We special- 
ize in purchasing and reselling data-processing equipment 
and have more than 21 years combined experience. We pro- 
vide services and system upgrades, DASD, communication, 
and memory. We're also an outlet for off-lease portfolios. 

Products Sold: 

• AS400, Advanced System/36, R/S6000, ES/9000, and 
PC systems (including lease and rental) 

• CPUs, memory, disks, tapes, displays, and controllers 

• Services, including system design and installation, 
maintenance, and buyback of existing hardware 



(877) 715-3686 I www.itechtrading.com 



Servers 



SUPERMICR< 



When buying a server, you don't want a one-size-fits-all 
solution. Supermicro uses modular and interoperable 
Server Building Blocks to offer the highest levels of flexibility 
and customization possible to design servers tailored and 
optimized for your specific needs. Supermicro's focus on 
green computing leadership, system design expertise, and 
power-saving technologies ensures the products you 
purchase are energy-efficient and application-optimized. 



Products Sold: 

• Servers 

• Motherboards 

• Chassis 



Networking 
Storage 



(408) 503-8000 I www.superinicro.cotn 



Equipment Dealer 



Butlep 



mm 



Pace 



• PaceButler buys used cell phones. 

• In business since 1987 

• Redeploy your used phones after upgrade 

• Donation option - directly to the non-profit of your choice 

• Dedicated to customer satisfaction 

- A+ Rating with the Better Business Bureau 

- Payment issued in four days 

• Dedicated to employee development 

- Book reading program 

- Health and fitness programs 

Products Sold: 

We buy used cell phones & PDAs, including Apple, LG, 
Blackberry, HTC, Motorola, Nextel, Nokia, PalmOne & 
Samsung. 



(800)248-5360 I www.pacebutler.com 



Clients 



dtSearcK 

www.dt search, com 



Maryland-based dtSearch started research and develop- 
ment in text retrieval in 1988. The company is known for 
speedy adoption of new programming standards, OSes, 
and file types. Plus, it has a flexible licensing model. 
Typical corporate use of dtSearch includes general infor- 
mation retrieval, Internet and intranet site searching, and 
email archiving and email filtering. 

Products Sold: 

Text retrieval products, including; 

• Desktop With Spider • Web With Spider 

• Network With Spider • Engine For Win & .NET 

• Publish For CD/DVDs • Engine For Linux 



(800)483-4637 I www.dtsearch.com 



Equipment Dealer 




In 1987, Pegasus Computer Marketing started providing 
mainframe products to the end-user market. What began as 
a sales-only organization soon adapted to offer in-house 
repair and refurbishment. During the past 10 years, Pegasus 
has focused primarily on the point-of-sale and barcode 
industries, buying, selling, and providing sen/ice contracts for 
anywhere from a few scanners to hundreds. 

Products Sold: 

We buy, sell, and service: 

• Point-Of-Sale Equipment and POS/PC Flat Panels 

• Wired and Wireless Barcode Hardware 

• Kronos Time Clocks and Accessories 



(800) 856-2111 I www.pegasuscomputer.net 




Processor is now 
on Facebook 
and Twitter! 



Follow us at www.twitter.com/ProcessorPub 
or search for "Processof on Facebook Groups 



PROCESSOR 



Call (800) 819-9014 to subscribe to Processor or go to www.processor.com to 
read articles and view tliousands of products online free of charge to qualified readers. 



NEC Fault Tolerant Servers 



Taking Fault Tolerant Virtualization to the Next Level 



With the adoption of virtualization growing quickly, the need 
for ultra-high availability in the virtualized environments is 
becoming critical. Introducing NEC's next generation Fault 
Tolerant (FT) servers - NEC Express5800 FT Server Series - now 
support VMware vSphere™. 



The new NEC FT systems deliver continuous processing to 
VMware environments with performance and simplicity never 
before available. Delivering up to 99.999% uptime, the latest 
NEC FT server provides a scalable FT virtualization solution that 
can be remotely managed with minimal IT resources. ^ 

Too ^^d to be true? Try NEC for 30 days. For a limited time, 
NEC is offering a bold 30-day no-risk guarantee for its innovative 
FT server. No up-front cost. No hassle. No risk. It's that simple. 



Contact NEC today and see how you can take FT virtualization 
to the next level. 





